Level: Technical

Abstract:
OAuth is a very common thing on the modern web, but most single-page apps have a fundamental security flaw in the implementation (including some popular OAuth libraries).
In most cases, the tokens will be saved to localStorage, or a js-accessible cookie and the developer will be done with it, but both of those approaches are susceptible to an XSS attack. In this talk, we’ll go through the secure alternatives to this implementation.”

Bio:
Darko Kukovec – An engineer with over a decade of experience developing web applications using JavaScript and TypeScript in various forms.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]

Posted on Monday, May 15th, 2023 at 9:25 pm in talks | rss feed for comments| Both comments and pings are currently closed.