"Denied! Securing your Application with Better User Authorization"
ForwardsJS Ottawa 2019Abstract
As our applications grow in complexity, application security needs to change to keep pace. Using real-world examples we will explore new implementations for front-end user authorization and authentication best practices. We’ll go beyond the basics of determining if a user is logged in, and discuss using JSON Web Tokens (JWT) for authentication. By examining security vulnerabilities lurking in most web applications we will demonstrate strategies to implement new security patterns using today’s hottest JavaScript frameworks (Angular, React, Vue). You’ll find unique ways to differentiate users by roles or security groups, changing the user experience. We’ll discuss ways to control a user’s access down to a single data point by moving our authorization model to the component level.
Key areas we’ll cover
- JSON Web Token (JWT) best practices
- Route and Component level authorization
- Role based user access
- Vulnerabilities in modern web apps