Single-page web applications (SPAs) with a RESTful backend have profoundly changed the way web applications are developed, as more functionality is pushed towards the browser, both on traditional platforms and on mobile platforms. The underlying security mechanisms and policies, however, have not changed, and building secure applications still requires knowledge and effort from the developer.
In this session, we will investigate the impact of this paradigm shift on the architecture of web applications and their security model. We zoom in on concrete vulnerabilities and their countermeasures, applied to AngularJS. For example, we will look into cross-site scripting (XSS) and the rise of Content Security Policy (CSP), the very powerful client-side security policy that is becoming the developer's Swiss army knife of security tools.
Sandwiches and drinks will be provided.
Philippe De Ryck is a postdoctoral researcher with the iMinds-DistriNet research group at KU Leuven, Belgium, where he obtained his PhD on client-side web security. He has recently published a book titled Primer on Client-Side Web Security, which focuses on the state of practice and the state of the art in client-side web security. Philippe is responsible for the web security modules in the secure software curriculum at the university, and is also an acclaimed trainer at industry events. His experience includes a full-day security tutorial at the international ESSoS conference, a B-CCentre training day tailored towards law enforcement officers and the financial sector, and repeated participation in the renowned week-long SecAppDev course.