Securing a modern JavaScript-based single-page web application
Modern web apps are often single-page web apps. The heavy HTML-generating backend is replaced by JavaScript, JavaScript frameworks like Backbone.js, and templating languages like mustache.js or underscore.js. Data is transferred via RESTful JSON services. We are moving functionality normally implemented on the server to the browser. Sometimes we even implement the backend using JavaScript. What kinds of security problems can occur if we do this incorrectly? How do we mitigate the security problems found in these applications?
Topics covered -