Full Stack Web Development

T09 Securing Single Page Applications (SPAs)


1:30pm - 2:45pm

Level: Intermediate to Advanced

Ben Hoelting

Development Manager

Ent Credit Union

One topic often pushed to the side when talking about Single Page Applications (SPAs) is security. The short answer is "you can't secure the client side." However, the reality is you still need to secure your application as a whole. In this session, you will learn what you can and can't do with security in SPAs, and how you can protect the application as a whole with a combination of securing the files that compose your application, providing a good user experience for login and authorization in your client-side app, and securing the Web API calls that your SPA depends on to access the sensitive parts of your application - the data. You'll also learn about other aspects of security that the client side has to participate in, including CSRF/XSRF, XSS, and CORS. You'll learn all this primarily in the context of using ASP.NET for your back end, and you'll see how to leverage SPA patterns to help manage the Http service used to get your auth token added to your back-end calls.

You will learn:

  • How hackers can attack your applications
  • How to secure the app as much as possible on the client
  • How to secure the back end and the calls made from the front end to the back end