Jakub Andrzejewski

Security in modern Web Applications - OWASP to the rescue!

Could a malicious NPM package give attackers a reverse shell into your system? Learn how this simple mistake compromised companies like PayPal, Microsoft, and Netflix.

#1 (about 3 minutes)

Frontend developers now share responsibility for application security

Modern full-stack frameworks such as Nuxt and Next.js run developer-written code on the server as well as in the browser (server routes, middleware, server-side rendering), so security is no longer a backend-only concern: frontend developers now share it.

#2 (about 3 minutes)

Why security is often neglected in development

The push to deliver features quickly often leads development teams to overlook critical aspects like security, performance, and accessibility.

#3 (about 2 minutes)

Understanding the OWASP Top 10 for web security

The OWASP Top 10 is a standard awareness document that provides a starting point for understanding the most critical web application security risks.

#4 (about 3 minutes)

Common web application threats like injection and DoS

Explore common vulnerabilities: SQL injection, cross-site scripting (XSS) and broken access control from the OWASP Top 10, plus denial-of-service (DoS) attacks, which the Top 10 does not list as a category of its own.

#5 (about 1 minute)

Leveraging OWASP resources like cheat sheets and ZAP

OWASP provides valuable resources for developers, including technology-specific cheat sheets and the ZAP penetration testing tool to identify vulnerabilities.

#6 (about 2 minutes)

The danger of dependency confusion in NPM packages

If an internal package is not pinned to a private registry, an attacker can publish a public package under the same name with a higher version; the package manager then fetches the attacker's copy, whose install scripts run with the privileges of the build, leading to severe breaches.
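An offline check for the exposure this chapter describes, added here as an example (it is not code from the talk). It parses the `.npmrc` scope-to-registry mapping, reports private dependencies that would be resolved from the public registry, and cross-checks `package-lock.json`, since the lockfile records where each package actually came from. The package names, registry host and `publicIndex` (standing in for what `npm view <name> version` would return) are constructed sample data.

```javascript
const PUBLIC_REGISTRY = 'https://registry.npmjs.org/';

// Parse the subset of .npmrc that decides where a name is fetched from:
// "registry=<url>" and "@scope:registry=<url>". Comments and auth lines are skipped.
function parseNpmrc(text) {
  const cfg = { registry: PUBLIC_REGISTRY, scopes: {} };
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    if (key === 'registry') cfg.registry = value;
    else if (key.startsWith('@') && key.endsWith(':registry')) {
      cfg.scopes[key.slice(0, -':registry'.length)] = value;
    }
  }
  return cfg;
}

// Registry a package name resolves from under this configuration.
function registryFor(name, cfg) {
  const scope = name.startsWith('@') ? name.split('/')[0] : null;
  return (scope && cfg.scopes[scope]) || cfg.registry;
}

// Report private dependencies that the public registry would serve, and
// lockfile entries that were already resolved from it.
function findConfusableDeps({ packageJson, npmrc, lockfile, privateNames, publicIndex }) {
  const cfg = parseNpmrc(npmrc);
  const deps = { ...packageJson.dependencies, ...packageJson.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (!privateNames.includes(name)) continue;
    if (registryFor(name, cfg) !== PUBLIC_REGISTRY) continue;
    const publicVersion = publicIndex[name];
    findings.push({
      name,
      reason: publicVersion
        ? `resolves from the public registry, where ${name}@${publicVersion} already exists`
        : 'resolves from the public registry; anyone can claim this name',
    });
  }
  // The lockfile is the ground truth of what was installed last time.
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const name = path.replace(/^.*node_modules\//, '');
    if (privateNames.includes(name) && (entry.resolved || '').startsWith(PUBLIC_REGISTRY)) {
      findings.push({ name, reason: `lockfile resolved ${name}@${entry.version} from ${entry.resolved}` });
    }
  }
  return findings;
}

// --- constructed sample input (hypothetical company "acme") ---
const packageJson = {
  dependencies: { 'acme-ui-kit': '^1.4.0', '@acme/auth': '^2.0.0', express: '^4.18.0' },
};
const npmrc = [
  '# only the @acme scope is pinned to the internal registry; acme-ui-kit is not',
  '@acme:registry=https://npm.internal.acme.example/',
  '//npm.internal.acme.example/:_authToken=${NPM_TOKEN}',
].join('\n');
const lockfile = {
  packages: {
    'node_modules/acme-ui-kit': {
      version: '99.0.0', // suspiciously high: the attacker's copy won the resolution
      resolved: 'https://registry.npmjs.org/acme-ui-kit/-/acme-ui-kit-99.0.0.tgz',
    },
    'node_modules/@acme/auth': {
      version: '2.1.0',
      resolved: 'https://npm.internal.acme.example/@acme/auth/-/auth-2.1.0.tgz',
    },
  },
};
const publicIndex = { 'acme-ui-kit': '99.0.0', express: '4.19.2' };
const privateNames = ['acme-ui-kit', '@acme/auth'];

for (const f of findConfusableDeps({ packageJson, npmrc, lockfile, privateNames, publicIndex })) {
  console.log(`[confusable] ${f.name}: ${f.reason}`);
}
```

The durable fix is the one the `@acme` scope shows: publish every internal package under a scope, map that scope to the private registry in `.npmrc`, and register the scope on the public registry so nobody else can.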

#7 (about 2 minutes)

Implementing security with native HTTP security headers

Use HTTP response headers such as Content-Security-Policy to tell the browser which resources the page may load and how it may be embedded or referenced; this works for dynamic and static sites alike.

#8 (about 2 minutes)

Managing browser permissions and basic authentication

With the Permissions-Policy header the server can deny the page access to sensitive browser APIs such as geolocation, and HTTP Basic authentication gives a simple gate for non-public environments.

#9 (about 4 minutes)

A practical demonstration of the nuxt-security module

See a live demo of the `nuxt-security` module automatically adding security headers, blocking XSS attempts, rate limiting requests, and enabling basic auth.

#10 (about 2 minutes)

Introducing a new out-of-the-box security module for Next.js

A new security module is being developed for Next.js and React to provide the same easy-to-implement security features as its Nuxt counterpart.

#11 (about 1 minute)

The goal is to make systems too difficult to break

Since no system is truly unbreakable, the practical goal of security is to make compromising your application so time-consuming and costly that attackers give up and move on.

#12 (about 2 minutes)

Answering questions on LLM injection and header implementation

The Q&A session covers whether LLM (prompt) injection may appear in future OWASP lists, and clarifies why headers should be set at the server level rather than via `<meta http-equiv>`, which supports only a subset of them (for example, CSP `frame-ancestors`, X-Frame-Options and Strict-Transport-Security are ignored in a meta tag).
