April 26th - 27th, 2014

Web Security in Single Page Apps and node.js

Web security is usually an afterthought but is an important part of building a production-ready app. In the last few years, Single Page Apps (SPAs) have become very popular in the web community. Unfortunately, there are plenty of bad patterns with security vulnerabilities being spread across the web. Single Page Apps are a new and different kind of architecture, but you need to do even more than the "classic web" to secure your app. The good news is there are a lot of great modules and frameworks to use to help protect you against XSS, clickjacking, CSRF, etc. In this talk, I plan to identify some anti-patterns and show best practices for securing your apps (focusing on Node and SPA libraries like Backbone). I'll show actual code samples with security holes and what you can do to patch them up. I hope to inspire others to care about security and take the extra step to secure their app and their users. Thanks!

This contribution is by Mark Stuart

