A podcast for developers interested in building great software products. Every episode, Adam Wathan is joined by a guest to talk about everything from product design and user experience to unit testing and system administration.
http://fullstackradio.com
episode 98: 98: Ryan Chenkie - Securing Single Page Applications
Topics include:
- What JSON Web Tokens are and how to use them to authenticate users
- Strategies for invalidating stateless API tokens
- Using cookie and session authentication
- Using authentication-as-a-service solutions like Auth0
- Proxying requests to your API to simplify CORS issues
- Protecting against XSS attacks
Sponsors:
- Cloudinary, sign up and get 300,000 images/videos, 10GB of storage and 20GB of monthly bandwidth for free
- Rollbar, sign up at https://rollbar.com/fullstackradio to try their Bootstrap Plan free for 90 days
Links:
- JSON Web Tokens
- Securing Angular Applications, Ryan's book
- Security Headers scanning tool
- "I’m harvesting credit card numbers and passwords from your site. Here’s how."
- https://auth0.com/
- "CORS is bad for performance" Twitter thread