XSS

Breaking & Securing OAuth 2.0 in Frontends • Philippe De Ryck • YOW! 2025

This talk by Philippe De Ryck explains why common OAuth 2.0 patterns in Single Page Applications (SPAs) are fundamentally insecure against Cross-Site Scripting (XSS) attacks. He demonstrates how defenses like refresh token rotation can be bypassed and introduces the Backend-for-Frontend (BFF) pattern as the secure, recommended solution.

Building Secure ReactJS Apps: Mastering Advanced Security Techniques • Jim Manico • GOTO 2024

A deep dive into ReactJS security, this presentation reframes the discussion around leveraging AI for secure code generation. It argues that by creating detailed, specific security prompts, developers can train AI to be an expert security coder, transforming it from a flawed tool into a powerful ally for building robust and secure applications.