SecAppDev 2024 lecture details
Designing “least-authority” JavaScript apps
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Monday June 3rd, 14:00 - 15:30
Room West Wing
Add to calendar (ICS) Add to Google calendarAbstract
How can trusted and untrusted JavaScript modules safely co-exist within the same application runtime? Maybe your app loads third-party scripts as “plug-ins”, or maybe the functionality of your app itself is built from third-party modules using a package manager. Dealing with untrusted code is more common than you may think. We discuss how modules can be “isolated” from one another, independent of whether you’re using JS in front-end or back-end applications. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway
Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.
Content level
Deep-dive
Target audience
Web developers, full-stack engineers, web application software architects
Prerequisites
Some fluency with the JavaScript programming language.
Join us for SecAppDev. You will not regret it!
Grab your seat now
Tom Van Cutsem
Associate Professor, KU Leuven
Expertise: Distributed systems, web apps and blockchain (d)apps
Join us for SecAppDev. You will not regret it!
Grab your seat nowRelated lectures
Supercharging OAuth 2.0 security
Advanced lecture by Philippe De Ryck in room Lemaire
Tuesday June 4th, 16:00 - 17:30
Discover how to apply OAuth 2.0 in high-security scenarios, exploring its latest security enhancements. Learn about advanced features like Resource Indicators, JAR, PAR, and DPoP, gaining the knowledge to implement OAuth 2.0 securely.
Key takeaway: OAuth 2.0 offers various new security enhancements, including Resource Indicators, JAR, PAR, DPoP, designed for high-security environments
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
Security foundations for modern web applications
Introductory lecture by Philippe De Ryck in room West Wing
Monday June 3rd, 11:00 - 12:30
In this session, we explore how to leverage the fundamental security model of the web for security. We also explore how to build a secure foundation for your web and API-based applications.
Key takeaway: Understand how the browser reasons about web security, and how you can leverage browser security mechanisms to secure your applications