We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Building Secure User Interfaces with JWTs (JSON Web Tokens)

Formal Metadata

Title
Building Secure User Interfaces with JWTs (JSON Web Tokens)
Alternative Title
Build Secure User Interfaces Using JSON Web Tokens (JWTs)
Title of Series
Number of Parts
133
Author
License
CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
With new tools like Angularjs and Nodejs, it is easier than ever to build User Interfaces for the systems that you manage. But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky. JSON Web Tokens (JWTs) are being prescribed as a panacea for webapp security, but you need to know your security basics before you can implement them with peace of mind. JWTs are a great mechanism for persisting authentication information in a verifiable and stateless way, but that token still needs to be stored somewhere.In this talk, Robert Damphousse, lead front-end developer at Stormpath, will explain the security loopholes in web browsers, and what you can do about them – keeping your JWTs safe and secure. Topics covered include: Web browser security issues like XSS, user credential security, managing access control information, Man in the Middle attacks (MitM), and Cross-Site Request Forgery (CSRF). How you can mitigate potential security risks. Security issues and implementation tips across the entire stack. What you need to know about cookies. Infrastructure issues with session identifiers. How to issue JSON Web Tokens (JWTs) to secure the browser application.Robert will demonstrate these points with a simple single-page-application, built with Angular.js, and backed by a REST API.