Podcast 4 | Security Patterns For Client-Side Apps Running In The Browser
Description
Great to have Dr. Philippe De Ryck (https://linkedin.com/in/PhilippeDeRyck) on the podcast. He talked about various security challenges developers face while working with client-side applications. Do you know the security considerations when choosing between Local Storage and Session Storage? How does the Same Origin Policy work? How do you encrypt local storage? You may learn a thing or two if you don't :)
0:00 - 1:30 | Introduction.
1:30 - 5:20 | Client-Side apps (e.g. SPA) and Server-Side app security.
5:20 - 12:51 | Walkthrough - What can go wrong when a client-side app runs in a browser?
12:52 - 22:20 | Walkthrough - Using Local Storage & Session Storage to handle data.
22:21 - 31:46 | Understanding how the Same Origin Policy (SOP) works.
31:47 - 37:40 | Where does Local Storage data reside? How to secure it?
37:41 - 40:03 | Final thoughts & Key Takeaways.
Also, Philippe created several one-page cheat sheets, available free of charge from Pragmatic Web Security (https://pragmaticwebsecurity.com/cheatsheets.html):
1. Angular and the OWASP top 10
2. Avoiding XSS in React applications
3. JSON Web Tokens (JWT)