Friday
Room 1
16:00 - 18:00
(UTC+01)
1 day
Part 3/3: Hands-on deep-dive into frontend security
Modern web applications rely heavily on frontend code, making browser security mechanisms crucial for protecting users and data. This hands-on workshop takes a deep dive into advanced frontend security for Angular / React / Vue applications.
Participants will explore real-world attack scenarios and implement defenses through guided exercises. Designed for developers and security professionals, this workshop blends academic depth with practical application, equipping attendees with the skills to secure modern frontends effectively.
Content overview
- The security model of frontend web applications
- Defending against UI redressing attacks
- Using Subresource Integrity for JavaScript security
- Isolating untrusted content with HTML5 sandboxing
- Understanding the threat behind XSS
- Preventing XSS in Angular / React / Vue
- XSS pitfalls in Angular / React / Vue
- Using Trusted Types as an XSS defense
- Introduction to Content Security Policy (CSP)
- Deploying CSP for Single Page Applications
- Practicalities about CSP
- Hands-on labs throughout the day
Content level
Deep-dive
Target audience
Developers, architects, and security professionals working with frontends
Prerequisites
An understanding of JavaScript and frontend applications. The labs do not require prior security knowledge or proficient developer skills.
Technical requirements
A laptop with a modern browser