This course covers web application security, focusing on XSS, CSRF, CORS, JWT, HTTPS, and other vulnerabilities that affect SPAs and REST APIs. It aims to teach participants how to protect themselves and their users from these threats. Skills taught include understanding the various security vulnerabilities, implementing security measures like CSP, and conducting security audits. The course is delivered as a conference talk with a duration of 28 minutes. The intended audience is web developers, particularly those working with Angular, React, and other Single Page Application frameworks, who want to enhance their understanding of web application security.
Overview
Syllabus
Intro
HTTPS
JWT
Cookies
JSON Web Tokens
Social Network
CSRF
Target Blank
No Opener
Little Bobby
Myspace worm
CSS inline CSS
XSS demo
JSONP
CSP
CSP should be your safety net
Avoid clickjacking
Security audits
Summary
Taught by
JSConf