Modern Techniques for Securing Single Page Applications

Discussion Topics

Single Page Applications (SPAs) seem simple on the surface, using modern development stacks that streamline Web UI development and deliver rich user experiences. However, SPA security becomes more complicated when considering threats such as Cross-Site Scripting (XSS). The browser is a hostile place to execute code, so application developers must think about how the SPA should persist tokens since if they leak, you could end up with costly data breaches. Attempts to strengthen browser security can lead to other problems in areas such as user experience, developer productivity, deployment, and code complexity.

This whitepaper aims to solve the SPA security problem by exploring various web architectures, explaining threats, and recommending a standards-based solution called The Token Handler Pattern.

After reading this whitepaper you will better understand web security architecture design and the use of URLs and domains.

0%