Overview
Explore a cutting-edge approach to securing web applications against token theft in this 18-minute JSConf talk. Delve into the challenges of securely storing and retrieving authentication and authorization tokens in browsers, despite the robust framework provided by OAuth 2.0. Learn about DPoP (Demonstrating Proof of Possession), an emerging standard that extends OAuth 2.0, offering an innovative solution to enhance token management security. Discover how this potential game-changer can significantly improve the safety of current web authentication and authorization mechanisms. Gain insights from Software Architect Shikhar Kapoor's 14 years of experience in building and scaling web applications. The talk covers an introduction to token theft, an explanation of DPoP, and a discussion on potential DPoP attacks, providing a comprehensive overview of this important web security topic.
Syllabus
Introduction
Token Theft
DPoP
DPoP Attacks
Taught by
JSConf