SecAppDev 2025 workshop details

Learning goal: Understand and apply state-of-the-art security mechanisms to protect modern frontends from real-world threats.

Schedule TBD

Abstract

Modern web applications rely heavily on frontend code, making browser security mechanisms crucial for protecting users and data. This hands-on workshop takes a deep dive into advanced frontend security for Angular / React / Vue applications.

Participants will explore real-world attack scenarios and implement defenses through guided exercises. Designed for developers and security professionals, this workshop blends academic depth with practical application, equipping attendees with the skills to secure modern frontends effectively.

Content overview

• The security model of frontend web applications
• Defending against UI redressing attacks
• Using Subresource Integrity for JavaScript security
• Isolating untrusted content with HTML5 sandboxing
• Understanding the threat behind XSS
• Preventing XSS in Angular / React / Vue
• XSS pitfalls in Angular / React / Vue
• Using Trusted Types as an XSS defense
• Introduction to Content Security Policy (CSP)
• Deploying CSP for Single Page Applications
• Practicalities about CSP
• Hands-on labs throughout the day

Content level

Deep-dive

Target audience

Developers, architects, and security professionals working with frontends

Prerequisites

Understanding JavaScript and frontend applications. Labs do not require prerequisite security knowledge or proficient developer skills.

Technical requirements

A laptop with a modern browser