
Episode 98
98: Ryan Chenkie - Securing Single Page Applications
In this episode Adam talks to Ryan Chenkie of Angularcasts about authentication strategies and security best practices when building client-side applications with frameworks like React, Vue, Angular, or Ember.
September 26, 2018 | 57m 46s
Show Notes
Topics include:
- What JSON Web Tokens are and how to use them to authenticate users
- Strategies for invalidating stateless API tokens
- Using cookie and session authentication
- Using authentication-as-a-service solutions like Auth0
- Proxying requests to your API to simplify CORS issues
- Protecting against XSS attacks
Sponsors:
- Cloudinary, sign up and get 300,000 images/videos, 10GB of storage and 20GB of monthly bandwidth for free
- Rollbar, sign up at https://rollbar.com/fullstackradio to try their Bootstrap Plan free for 90 days
Links:
- JSON Web Tokens
- Securing Angular Applications, Ryan's book
- Security Headers scanning tool
- "I’m harvesting credit card numbers and passwords from your site. Here’s how."
- https://auth0.com/
- "CORS is bad for performance" Twitter thread