SecAppDev 2024 lecture details
Designing “least-authority” JavaScript apps
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Monday June 3rd, 14:00 - 15:30
Room West Wing
Abstract
How can trusted and untrusted JavaScript modules safely co-exist within the same application runtime? Maybe your app loads third-party scripts as “plug-ins”, or maybe the functionality of your app itself is built from third-party modules using a package manager. Dealing with untrusted code is more common than you may think. We discuss how modules can be “isolated” from one another, independent of whether you’re using JS in front-end or back-end applications. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway
Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.
Content level
Deep-dive
Target audience
Web developers, full-stack engineers, web application software architects
Prerequisites
Some fluency with the JavaScript programming language.
Tom Van Cutsem
Associate Professor, KU Leuven
Expertise: Distributed systems, web apps and blockchain (d)apps
Related lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR and DPoP, designed for high-security environments.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck in room West Wing
Monday June 3rd, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web, and how to build a secure foundation for your web and API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications.
Introduction to Macaroons
Introductory lecture by Neil Madden in room Lemaire
Wednesday June 5th, 14:00 - 15:30
A deep dive into the workings of Macaroons, a novel authorization technique developed by Google. Learn the unique capabilities of this exciting new technology and how it is being deployed by multiple companies to secure the cloud.
Key takeaway: Learn when to use Macaroons vs other technologies for authentication tokens.