secappdev.org's video: Securing Single Page Applications - Philippe De Ryck

Single page web applications (SPA) with a RESTful backend have profoundly changed the way web applications are developed, as more functionality is pushed towards the browser, both on traditional platforms and on mobile platforms. The underlying security mechanisms and policies, however, have not changed, and building secure applications still requires knowledge and effort from the developer. In this session, we investigate the impact of an SPA on an application's architecture, security model and underlying data flows. Attendees will learn how common web application vulnerabilities manifest themselves in SPAs. This session also covers several currently available countermeasures, and explains how they are deployed in an SPA. The practical content in this session is tailored towards an AngularJS environment. This lecture was delivered at SecAppDev 2015 in Leuven. Philippe is the main contact person within iMinds-DistriNet for Web Security-related training activities. Philippe obtained a PhD for his work on client-side Web security, and currently focuses on a sustainable knowledge transfer of his expertise in Web security to industry partners, mainly through training courses and public dissemination activities.