Shields Up! Security and React Apps

A single-page application means putting a lot of traditionally server-side internals in the great unknown of a client's browser. The move of data and logic towards frontend requires a different model for application security. In addition to old foes like cross-site scripting, we now have to consider concepts like local storage, routing, JWTs and OAuth2 frameworks, and understand their implications in locking down our apps. Let's clear up the confusion and zero in on the approaches and techniques you need to secure your React app. We'll examine several layers of security relevant to React apps, including UI-level security (preventing XSS attacks and securing routes with React Router and Higher-Order Components), and API security using JWTs and third-party authentication-providers. The format of this talk won't include hands-on examples, but sample projects of the various approaches discussed will be provided.