In this workshop, you discover best practices for building secure frontend applications. We investigate how to use and configure security mechanisms available in modern browsers. We explore what security measures are built into Angular and React, along with common mistakes that circumvent these protections. Additionally, we discuss scenarios that address frequent questions, including secure data storage in the browser and the use of OAuth 2.0 and OpenID Connect.


This course offers practical and immediately applicable security advice for architects and developers. Throughout the course, Philippe is available to answer any questions, including concrete scenarios applying to your own applications.
Concretely, we will cover the following topics:

Countering advanced XSS with Trusted Types

Using OAuth 2.0 and OpenID Connect in SPAs

Securing OAuth 2.0 tokens in JS frontends


This workshop consists of a mixture of lectures, demos, interactive quizzes, and hands-on labs. The lectures provide in-depth knowledge of attacks and defenses. The hands-on labs are conducted in a custom-built competitive training environment, allowing participants to gain hands-on experience with offensive and defensive technologies.



This security training specifically targets modern web developers. Anyone involved in building single-page applications (e.g., Angular, React) or managing development teams should be here. This training course is not just any training course. It is packed with in-depth and up-to-date content. We do not merely brush over a threat and defense but focus on the underlying cause and consequences. Why do we have this problem? Which mitigations are often used? Why are some ineffective? Which one is the current best practice? These are the questions that will be answered throughout the training.

To participate in this training, you should have development experience with single-page applications and the underlying APIs. Familiarity with the basics of security (e.g., simple XSS attacks) is helpful, but not required. The training will talk about Angular and React specifically, but also applies to other frameworks, such as EmberJS or Vue.js.

To participate in the lab sessions, participants need an internet-accessible laptop with a modern browser installed (E.g., Chrome, Firefox).

Frontend JavaScript frameworks such as Angular and React disrupt the traditional web security landscape, and finding reliable security advice is hard. This workshop provides Angular and React developers with the answers to all their security questions.

NDC Security 2020

Clarion Hotel Oslo

ABAX is the fastest growing SaaS company in Europe with HQ in Larvik, Norway. We develop software and hardware for the connected workspace bringing asset and vehicle tracking into the future. Our developers have built one, fully integrated software platform scalable for all future innovation services. All our hardware, and software are “plug and play” making it easy for our clients to become more efficient and eco-friendly. At ABAX there are 300 employees divided between sales, customer care, marketing, support, administration, quality and development with multiple nationalities in a great tech environment. We are happy sponsors of NDC and looking forward to see you next year, meanwhile you can join the adventure!

Abax

Aurum

Auth0

Avanade

Bekk

Bitraf

Bouvet

A global leader in consulting, technology services and digital transformation, Capgemini is at the forefront of innovation to address the entire breadth of clients’ opportunities in the evolving world of cloud, digital and platforms. Building on its strong 50-year heritage and deep industry-specific expertise, Capgemini enables organizations to realize their business ambitions through an array of services from strategy to operations. Capgemini is driven by the conviction that the business value of technology comes from and through people. It is a multicultural company of 200,000 team members in over 40 countries. The Group reported 2017 global revenues of EUR 12.8 billion.

Capgemini

Cloudberries

Computas

Dips

Eficode

Elastic

Ensō is an Oslo-based consultancy company with specialist expertise within Microsoft .Net, Java and project management. We do projects for both private and public enterprises within development of it-systems, architecture and consulting. Our ambition is to build Oslo’s best team of experienced consultants with proven domain and business knowledge. Ensō provides the help you need to solve your IT challenges. We participate with our specialists in your projects or we can take charge of the whole project.

enso

We use our competence and technology to provide energy to a growing population in a responsible manner. This guides us as we work towards a future where energy is affordable and sustainable for all.

Equinor

Ciber Experis

Folq

Forsta

Geodata

We are the European commercial support partner for IdentityServer. Providing a range of services and components to create or support you in delivering a robust single sign-on solution. From concept to production, we can provide value at any stage: complete custom solution, development support, and production support for existing solutions. We also have a wide range of production-ready components to enhance your IdentityServer solution: AdminUI, SAML2P, FIDO2, Key Rotation and many more.

Identityserver.com

Identity Stream

Inmeta Consulting takes a central part in the digitalization of Norwegian enterprises. Our headquarter is based in Oslo, in addition to our offices in Trondheim and Hamar. Our broad range of services includes advisory, big data & advanced analytics, cloud, systems development, project- and test mananagement, e-commerce and UX. We create business value together with our customers, by providing knowledge, experience and creativity.

inmeta

Innovasjon Norge

Intility is an industrialized and fully managed platform service utilized by more than 600 companies across 2000 locations in Norway and the rest of the world. Intility includes end-to-end responsibility for everything from local infrastructure and devices to an ever-growing ecosystem of integrated cloud services such as Microsoft Azure, Office 365 and Amazon Web Services. A secure and well-functioning platform is a prerequisite for companies that want to utilize IT to increase their own productivity and competitiveness. Intility provides satisfied employees and acts as a catalyst for companies that want to digitize their own core business.



Intility

With offices in Oslo, Bryne, Stockholm, Copenhagen, Kiev and Bratislava, Itera is delivering innovative solutions and services to Nordic and international businesses with local presence in the Nordic region. The Nordics has a highly educated mobile workforce, with many innovative businesses and organizations. Itera has worked in the region for over 15 years.

itera

At JetBrains, code is our passion. For over 15 years we have strived to make the strongest, most effective developer tools on earth. By automating routine checks and corrections, our tools speed up production, freeing developers to grow, discover and create.

Jetbrains

Knowit is a consultancy firm that creates unique customer value in a world of accelerating digitization, by offering international solutions in three divisions – Experience, Insight and Solutions. What sets us apart is our ability to combine expertise in design and communication, management consulting and IT.

Knowit

Kongsberg

Since 1975, Microsoft has empowered every person and organisation on the planet to achieve more. Imagination and innovation drives today’s technology. Our software, services, devices, and solutions help users realise their full potential in incredible new ways – from AI to the cloud, we want to help every software developer create fast and create smart. At NDC London 2020, we’ll be helping all software developers and businesses accelerate technical skills through the Microsoft Learn platform, plus Q&As and expert insights from Microsoft’s Most Valuable Professionals.

Microsoft

Miles

Nets is a leading provider of digital payment services in the Nordics. The company was founded in 2010 through a merger of the Danish company PBS and the Norwegian company Nordito (formerly BBS and Teller). The company’s origin, however, dates back to 1968, and payments have been at the core of our business ever since. Whilst our offerings to merchants, corporates, financial institutions, consumers and wider society may have evolved over time, digital payments of all types remain at the heart of everything we do. Nets forms the backbone of the Nordic payments ecosystem with solutions touching people’s everyday lives, often deeply embedded in society. 

Nets

Novanet is a consulting company that specializes in .NET architecture and development. We have a wide experience in web, desktop and mobile application development. Novanet delivers high quality services for our ambitious customers in the Oslo region.

Novanet

Okta

Palo Alto


Swedbank Pay
Swedbank Pay is an omnichannel platform, covering the entire spectrum of e-commerce and in-store payments. Our aim is to help people, companies and communities around us to grow by providing payment solutions for all occasions, regardless of the channels. Today, we are one of the leading companies in payment solutions with operations in Sweden, Norway, Denmark and Finland.

PayEx-SwePay

reMarkable

Sopra Steria, a European leader in consulting, digital services and software development, helps its clients drive their digital transformation to obtain tangible and sustainable benefits. It provides end-to-end solutions to make large companies and organisations more competitive by combining in-depth knowledge of a wide range of business sectors and innovative technologies with a fully collaborative approach. Sopra Steria places people at the heart of everything it does and is committed to making the most of digital technology to build a positive future for its clients. With 45,000 employees in 25 countries, the Group generated revenue of €4.1 billion in 2018. In Scandinavia, 2300 employees generated revenue of NOK 2.9 billion in 2018.

soprasteria

Systek


TechPros
The people in TECHPROS work with digital transformation and technology innovation. Our consultants design, develop, test and maintain software, apps, solutions and systems for several of the largest enterprises in the public and private sector in the Nordic region. We specialise in full stack system development, AI, machine learning, UX, IxD, VR/AR, testing/test development, data analysis/BI, security, test & project management and business development. We use a wide range of technologies and frameworks to help our customers to reach their strategic and business goals. In addition we use common sense, creativity and a solid dose of patience to solve tasks and issues in today’s solutions so they can become solutions for the future.



TechPros

Text Control

Veeam
Veeam® is the leader in Backup solutions that deliver Cloud Data Management™. Veeam provides a single platform for modernizing backup, accelerating hybrid cloud and securing your data. With 365,000+ customers worldwide, including 81% of the Fortune 500 and 66% of the Global 2,000, Veeam customer-satisfaction scores are the highest in the industry at 3.5x the average. Veeam’s global ecosystem includes 70,000+ partners, including HPE, NetApp, Cisco and Lenovo as exclusive resellers. Veeam was recently acquired by American Insight Partners and has offices in more than 30 countries. To learn more, visit https://www.veeam.com​ or follow Veeam on Twitter @veeam.​

Veeam

Visma

Vivende


Cisco
Cisco helps seize the opportunities of tomorrow by proving that amazing things can happen when you connect the unconnected. And, as a part of the Cisco portfolio, Webex Rooms connects people to productivity rather than getting in the way of it by promoting the ability for them to work where they want, when they want, and how they want to get stuff done. The world works better face to face, and whether there is a need to work remote or in-person, Webex Rooms delivers the collaboration tools for that authentic interaction. We are proud to have one of the largest R&D sites in Norway with over 400 employees, developing and designing collaboration tools!

Cisco Webex

Webstep

NDC Oslo 2021

Oslo Kongressenter

Philippe De Ryck specializes in making web security accessible to developers and architects, leveraging his Ph.D. from KU Leuven to inform his comprehensive understanding of security challenges. As the founder of Pragmatic Web Security, he provides practical security training and consulting services to organizations worldwide. 

His online course platform offers a self-paced approach to learning about security. Philippe also actively helps shape OAuth 2.0 best practices as the co-author of the best practices for browser-based apps specification. 

Philippe is recognized as a Google Developer Expert, acknowledging his contributions to web application and API security. He also organizes SecAppDev, an annual week-long application security course in Belgium.

A builder’s guide to Single Page Application security