Building Secure React Applications

Presented at Global AppSec - DC 2019, Sept. 12, 2019, 3:30 p.m. (45 minutes)

Cross-Site Scripting (or client-side JavaScript injection) and other client-side risks are well-known technical challenges that web application developers have faced for many years. While frameworks like React provide some automatic defenses to stop Cross-Site Scripting, React developers still require specialized knowledge to build secure React applications. This presentation will review some of the necessary general-purpose Cross-Site Scripting defense recommendations and present specialized techniques that will benefit all React developers who wish to build secure React applications.


Presenters:

  • Ron Perris - Manicode Security
    Ron provides secure code training and specific remediation guidance through in-person workshops and online courses at Manicode Security. Also, as a member of the Node.js Security WG, Ron provides source code review and code remediation guidance to the JavaScript developer community.
  • Jim Manico - Manicode Security
    Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. He is also an investor/advisor for BitDiscovery, Nucleus Security, Secure Circle and Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP Foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls. For more information, see http://www.linkedin.com/in/jmanico.
