Level: Technical

Abstract:
OAuth is a very common thing on the modern web, but most single-page apps have a fundamental security flaw in the implementation (including some popular OAuth libraries).
In most cases, the tokens will be saved to localStorage or a JS-accessible cookie, and the developer will be done with it, but both of those approaches are susceptible to an XSS attack. In this talk, we'll go through the secure alternatives to this implementation.

Bio:
Darko Kukovec – An engineer with over a decade of experience developing web applications using JavaScript and TypeScript in various forms.

Video/recordings:

[Slides (PDF)] [Recording (MP4)]
