Jakub Andrzejewski

Security in modern Web Applications - OWASP to the rescue!

Could a malicious NPM package give attackers a reverse shell into your system? Learn how this simple mistake compromised companies like PayPal, Microsoft, and Netflix.

Security in modern Web Applications - OWASP to the rescue!
#1about 3 minutes

Frontend developers now share responsibility for application security

Modern full-stack frameworks like Nuxt.js and Next.js shift security concerns from being backend-only to involving frontend developers.

#2about 3 minutes

Why security is often neglected in development

The push to deliver features quickly often leads development teams to overlook critical aspects like security, performance, and accessibility.

#3about 2 minutes

Understanding the OWASP Top 10 for web security

The OWASP Top 10 is a standard awareness document that provides a starting point for understanding the most critical web application security risks.

#4about 3 minutes

Common web application threats like injection and DoS

Explore common vulnerabilities from the OWASP list, including SQL injection, cross-site scripting (XSS), broken access control, and denial-of-service (DoS) attacks.

#5about 1 minute

Leveraging OWASP resources like cheat sheets and ZAP

OWASP provides valuable resources for developers, including technology-specific cheat sheets and the ZAP penetration testing tool to identify vulnerabilities.

#6about 2 minutes

The danger of dependency confusion in NPM packages

Malicious NPM packages with the same name as private packages can be fetched from public registries, leading to severe security breaches.

#7about 2 minutes

Implementing security with native HTTP security headers

Use HTTP response headers like Content-Security-Policy to instruct the browser on how to handle resources, enhancing security for both dynamic and static sites.

#8about 2 minutes

Managing browser permissions and basic authentication

You can programmatically block access to sensitive browser APIs like geolocation and implement simple basic authentication for access control.

#9about 4 minutes

A practical demonstration of the nuxt-security module

See a live demo of the `nuxt-security` module automatically adding security headers, blocking XSS attempts, rate limiting requests, and enabling basic auth.

#10about 2 minutes

Introducing a new out-of-the-box security module for Next.js

A new security module is being developed for Next.js and React to provide the same easy-to-implement security features as its Nuxt counterpart.

#11about 1 minute

The goal is to make systems too difficult to break

Since no system is truly unbreakable, the primary goal of security is to make your application so time-consuming to compromise that attackers give up.

#12about 2 minutes

Answering questions on LLM injection and header implementation

The Q&A session covers the possibility of LLM injection attacks in future OWASP lists and clarifies the best practice of using server-level headers over `http-equiv`.

Related jobs
Jobs that call for the skills explored in this talk.

Matching moments

Selecting strategic partners and essential event tools
03:17 MIN

Selecting strategic partners and essential event tools

Cat Herding with Lions and Tigers - Christian Heilmann

Organizing a developer conference for 15,000 attendees
01:32 MIN

Organizing a developer conference for 15,000 attendees

Cat Herding with Lions and Tigers - Christian Heilmann

Using content channels to build an event community
04:49 MIN

Using content channels to build an event community

Cat Herding with Lions and Tigers - Christian Heilmann

Increasing the value of talk recordings post-event
04:57 MIN

Increasing the value of talk recordings post-event

Cat Herding with Lions and Tigers - Christian Heilmann

Balancing the trade-off between efficiency and resilience
03:38 MIN

Balancing the trade-off between efficiency and resilience

What 2025 Taught Us: A Year-End Special with Hung Lee

Rapid-fire thoughts on the future of work
02:44 MIN

Rapid-fire thoughts on the future of work

What 2025 Taught Us: A Year-End Special with Hung Lee

The industry's focus on frameworks over web fundamentals
11:32 MIN

The industry's focus on frameworks over web fundamentals

WeAreDevelopers LIVE – Frontend Inspirations, Web Standards and more

Developing resilience by expanding your capacity for failure
04:57 MIN

Developing resilience by expanding your capacity for failure

What 2025 Taught Us: A Year-End Special with Hung Lee

Featured Partners

Related Videos

See all videos
Cross Site Scripting is yesterday's news, isn't it?30:54

Cross Site Scripting is yesterday's news, isn't it?

Martina Kraus

Bullet-Proof APIs: The OWASP API Security Top Ten25:46

Bullet-Proof APIs: The OWASP API Security Top Ten

Christian Wenz

101 Typical Security Pitfalls28:41

101 Typical Security Pitfalls

Alexander Pirker

What The Hack is Web App Sec?24:01

What The Hack is Web App Sec?

Jackie

Security Pitfalls for Software Engineers27:32

Security Pitfalls for Software Engineers

Jasmin Azemović

Friend or Foe? TypeScript Security Fallacies27:41

Friend or Foe? TypeScript Security Fallacies

Liran Tal

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks27:10

Hack-Proof The Node.js runtime: The Mechanics and Defense of Path Traversal Attacks

Sonya Moisset

Programming secure C#/.NET Applications: Dos & Don'ts33:29

Programming secure C#/.NET Applications: Dos & Don'ts

Sebastian Leuer

Related Articles

View all articles
DC
Daniel Cranney
Understanding and Mitigating Common Web Vulnerabilities
Vulnerabilities exist in many forms on the web, and attackers continue to find creative ways to exploit them. Technological advances like the proliferation of AI are of course exciting nd filled with opportunities, they equally present opportunities ...
Understanding and Mitigating Common Web Vulnerabilities

From learning to earning

Jobs that call for the skills explored in this talk.