Building Secure ReactJS Apps - Mastering Advanced Security Techniques

Explore advanced security techniques for ReactJS applications in this comprehensive conference talk that addresses critical vulnerabilities including Cross-Site Scripting (XSS), content injection, and data leaks. Learn to navigate beyond React's built-in security measures by mastering defensive coding techniques across ten essential security domains: cross-site scripting prevention, handling dangerous URLs, secure HTML rendering, JSON security, dangerous styles mitigation, secure native DOM access, access control implementation, dependency management, open redirect prevention, and server-side rendering security. Discover how to leverage tools like DOMPurify for sanitization, implement proper prop validation, safely use dangerouslySetInnerHTML, secure user-submitted URLs, enhance security with CSS styled-components, manage JSON integration securely, implement lazy loading with access controls, and prevent template injection vulnerabilities. Gain practical insights into the AI secure code generation lifecycle, examine React's security landscape, and understand how to build robust defense mechanisms against modern web application threats through hands-on demonstrations and real-world examples.

Syllabus

00:00 Intro
02:28 Agenda
03:11 AI secure code generation lifecycle
07:03 What is React & what are the top security domains
08:31 R1: Cross site scripting
11:47 React security domains
11:58 R1: XSS
16:48 R2: Dangerous URLs
20:54 R3: Rendering HTML
23:56 R4: Securing JSON
25:49 R5: Dangerous styles
27:47 R6: Insecure native DOM access
30:04 R7: Access control & exposed failures
35:35 R8: Vulnerable & outdated versions & dependencies
37:43 R9: Open redirects
39:09 R10: Insecure server-side rendering
40:32 Demo
42:16 Outro