With new tools like Angularjs and Nodejs, it is easier than ever to build User Interfaces for the systems that you manage. But how to do it securely? Web browsers are woefully insecure, and hand-rolled APIs are risky.
JSON Web Tokens (JWTs) are being prescribed as a panacea for webapp security, but you need to know your security basics before you can implement them with peace of mind. JWTs are a great mechanism for persisting authentication information in a verifiable and stateless way, but that token still needs to be stored somewhere.
In this talk, Robert Damphousse, lead front-end developer at Stormpath, will explain the security loopholes in web browsers, and what you can do about them keeping your JWTs safe and secure. Topics covered include:
Robert will demonstrate these points with a simple single-page-application, built with Angular.js, and backed by a REST API.
Robert Damphousse is the Lead Front-End Developer at Stormpath.