Securing Single Page Applications (SPA)

Talks Oct 15, 2016

NULL Hyderabad chapter's October security meet was hosted at Progress Software, Hyderabad on 15th October. I was given the opportunity to present on a topic of my choice. After a lot of deliberation, I decided to present on Securing Single Page Applications (SPA). Of late, SPAs have been on the rise and I have been reviewing some of them at work as well. I thought of sharing my learning with the community. Hopefully, it will be of some use to devs/pentesters around.

Frankly, I hate giving a talk without a practical demonstration of what I want to present. I believe "All gyan and no demo makes Jack a dull audience" ;) Thanks to my mentors (former Technical Evangelists at Microsoft) for inculcating this habit. When I have to give talks on short notice (<=2 days), I select a topic for which I can create a quick demo. I don't get time to prepare slides and in fact I prepare them when the previous speakers are on stage. This time, I was informed about a week in advance but I was tied up with office work. I spent whatever time I had on preparing demos, and on the day of the meet nothing had changed :)

Nevertheless, I managed to put together some slides and polished them after my talk so that they make sense for those who could not attend. Here you go:

Even before my talk, we had security news bytes covered by Hemanth. As always, this time too it was an interactive discussion on the latest security threats. After that, there was a WiFi security session by Hruday Charan. This guy is a 17-year-old college student and he already has deep hands-on knowledge of his topic. The next session too was given by a college student, Prashanth, on OAuth security. I seriously envy this generation's kids. They have the resources to learn, amazing determination to grow and also a stage like the NULL community to showcase their talent. I am sure these guys will reach great heights in their careers, provided they keep up the perseverance and passion.

On the whole, it was a great meetup with good learning and networking with security geeks. Hope to continue the tech fun in the next meet. If you are in and around Hyderabad, stay tuned to @nullhyd for updates on the next meet.