Home Conference Sessions Building Secure ...

Building Secure React Applications

Philippe De Ryck | GOTO Berlin 2019

You need to be signed in to add a collection

React is a secure framework. It handles cross-site scripting (XSS) out of the box. While these statements sound very hopeful, they are unfortunately far from reality. Building secure applications with React is easier than starting from scratch. However, even with React, there are several guidelines and considerations to take into account. In this session, we take a deep-dive into two particular topics. We take a close look at XSS, React's defenses, and the responsibilities of the developer. The second topic zooms in on the challenges with including NPM dependencies. We look at how attackers abuse NPM to target your application. Throughout these topics, we build a set of concrete guidelines you can immediately apply to your applications. **What will the audience learn from this talk?**<br> The audience will learn about real-world security pitfalls in React applications, more importantly, how to prevent them. **Does it feature code examples and/or live coding?**<br> Yes, the entire talk is example driven! **Prerequisite attendee experience level:** <br> [Level 300](https://gotober.com/2019/pages/experience-level)

Share on:
linkedin facebook
Copied!

Transcript

React is a secure framework. It handles cross-site scripting (XSS) out of the box. While these statements sound very hopeful, they are unfortunately far from reality. Building secure applications with React is easier than starting from scratch. However, even with React, there are several guidelines and considerations to take into account.

In this session, we take a deep-dive into two particular topics. We take a close look at XSS, React's defenses, and the responsibilities of the developer. The second topic zooms in on the challenges with including NPM dependencies. We look at how attackers abuse NPM to target your application. Throughout these topics, we build a set of concrete guidelines you can immediately apply to your applications.

What will the audience learn from this talk?
The audience will learn about real-world security pitfalls in React applications, more importantly, how to prevent them.

Does it feature code examples and/or live coding?
Yes, the entire talk is example driven!

Prerequisite attendee experience level:
Level 300

About the speakers

Philippe De Ryck

Philippe De Ryck

Web Security Expert, Founder of Pragmatic Web Security