Philippe De Ryck

Founder, Pragmatic Web Security
Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.

Philippe's Session

Thursday, June 27
3:10 - 3:35 pm
Security patterns for keeping secrets in the browser
Modern applications often rely on storing data in the browser. A simple scenario is keeping a JWT in localStorage. A more complex scenario is keeping application data in the browser to enable offline use. Unfortunately, the security properties of these mechanisms are less than stellar. Device-based access or XSS attacks easily result in the compromise of sensitive data. In this talk, we investigate the strengths and weaknesses of browser-based storage mechanisms. We explore various security strategies to protect sensitive data. We even propose a way to protect data against physical access to the device. Throughout the talk, we build up a set of security patterns for frontend developers. You will walk away with practical guidelines for storing data in frontend applications.

