Security Meetup @ Connectory by Bosch

Hosted By
Marcel B. and 2 others

Details

Application Security has never been more relevant than in current times!
We will have two experts speaking about how we can improve the security of our applications:

Agenda:
18:00 - 18:30
Welcome and Intro

18:30 - 19:15
Martina Kraus (Kraus IT Consulting)
Protect your frontend: Why tokens in the browser are a bad idea

As frontend developers, we want to create smooth, user-friendly experiences, but security often takes a back seat to functionality. In this talk, we'll dive into JSON Web Tokens (JWTs) and why storing them in the frontend is a recipe for disaster. Using some real-world examples, we'll explore the risks of this practice, from token theft to session hijacking. As a solution, we will discuss the principles of the backend-for-frontend (BFF) model and how it can prevent your application from becoming a playground for hackers. By the end of this session, you will not only be convinced to keep JWTs out of your frontend, but you will also be equipped with practical strategies to improve your app's security without compromising performance.

19:15 - 19:45
Food & Drinks

19:45 - 20:30
Andreas Falk (Novatec Consulting)
OAuth 2.1 & OpenID Connect in Action: What’s New, What’s Secure, and What You Need to Know

OAuth 2.1 and OpenID Connect are the cornerstones of modern authentication and authorization, securing APIs and web applications across the internet. This talk provides a practical introduction to OAuth 2.1, the latest evolution of the OAuth framework, and OpenID Connect, the identity layer built on top of it. We’ll explore key concepts such as authorization flows, tokens, and scopes, while also diving into the latest security enhancements, including the recently published RFC 9700 (Best Current Practice for OAuth 2.0 Security), which updates and extends the threat model and latest security advice. Through live demos, we’ll look at secure OAuth 2.1 flows, OpenID Connect authentication, best practices like PKCE, and refresh token rotation.

20:30 open discussion and socializing :)

GDG Stuttgart
Connectory Stuttgart
Königstr 78 · Stuttgart