98: Ryan Chenkie - Securing Single Page Applications

Full Stack Radio

Sep 26, 2018•58 min•Ep. 98

--:--

Listen in podcast apps:

Apple Podcasts

Spotify

Download

Listen to this episode in Metacast mobile app

Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

Topics include:

What JSON Web Tokens are and how to use them to authenticate users
Strategies for invalidating stateless API tokens
Using cookie and session authentication
Using authentication-as-a-service solutions like Auth0
Proxying requests to your API to simplify CORS issues
Protecting against XSS attacks

Sponsors:

Cloudinary, sign up and get 300,000 images/videos, 10GB of storage and 20GB of monthly bandwidth for free
Rollbar, sign up at https://rollbar.com/fullstackradio to try their Bootstrap Plan free for 90 days

Links:

JSON Web Tokens
Securing Angular Applications, Ryan's book
Security Headers scanning tool
"I’m harvesting credit card numbers and passwords from your site. Here’s how."
https://auth0.com/
"CORS is bad for performance" Twitter thread

For the best experience, listen in Metacast app for iOS or Android