OAuth 2.0

Breaking & Securing OAuth 2.0 in Frontends • Philippe De Ryck • YOW! 2025

This talk by Philippe De Ryck explains why common OAuth 2.0 patterns in Single Page Applications (SPAs) are fundamentally insecure against Cross-Site Scripting (XSS) attacks. He demonstrates how defenses like refresh token rotation can be bypassed and introduces the Backend-for-Frontend (BFF) pattern as the secure, recommended solution.

Software Security for Developers • Laur Spilca & Thomas Vitale • GOTO 2026

Author Laurentiu Spilca discusses his book 'Software Security for Developers', covering why developers avoid security, the dangers of reinventing standards like OAuth 2.0, the growing risks of AI-generated code, and the critical need to understand foundational concepts like encryption, hashing, and PKI.