Talk Intermediate 10:00 - 12:00 August 13, 2023

Jim Manico

As we explore the digital world, client-side security risks, such as Cross-Site Scripting (XSS) and unintended privileged information leaks, remain significant concerns. These challenges have long troubled web application developers, underscoring the need for evolving security practices.

ReactJS, a prominent framework in today's tech landscape, has taken strides to mitigate such threats, offering automatic defenses against Cross-Site Scripting. However, building secure ReactJS applications requires in-depth knowledge and specialized expertise.

In this presentation, we will delve into the realm of general-purpose Cross-Site Scripting defense and various client-side security strategies within the ReactJS framework. ReactJS developers of all levels are invited to join us as we explore advanced techniques and practical recommendations that can elevate your approach to ReactJS security.

Our discussion will cover several important topics:

  • Understanding the React Component Attack Surface
  • Handling Unescaped Props and Types
  • Exploring the Use of dangerouslySetInnerHTML
  • Properly Handling JavaScript URLs in the React Context
  • Integrating CSS Styled-Components with React
  • Navigating JSON Embedding and React
  • Unraveling React's Automatic Defenses
  • Mastering Manual Defense Techniques in React
  • Understanding React Lazy Loading and Access Control
  • Investigating React Template Injection
  • Exploring Server-side Rendering in React

Join us for an informative session that aims to enhance your skill set and bolster your defense strategies for creating more secure ReactJS applications. Let's navigate the intricacies of ReactJS security together, empowering ourselves with advanced defense techniques to foster a secure environment for application development.

Jim Manico

Manicode Security, Founder and Lead Educator

Jim Manico is the founder of Manicode Security, training devs on secure coding. He advises/invests in companies like 10Security, MergeBase. A speaker, Java Champion, and author of "Iron-Clad Java." Active in OWASP, co-leading projects like ASVS.