Invited to the Connectory by Bosch, we will have an evening filled with discussion about Security in Software Development.
Application Security has never been more relevant than in current times!
We will have two experts speaking about how we can improve the security of our applications:
Martina Kraus (Kraus IT Consulting)
Protect your frontend: Why tokens in the browser are a bad idea
As frontend developers, we want to create smooth, user-friendly experiences, but security often takes a back seat to functionality. In this talk, we'll dive into JSON Web Tokens (JWTs) and why storing them in the frontend is a recipe for disaster. Using some real-world examples, we'll explore the risks of this practice, from token theft to session hijacking. As a solution, we will discuss the principles of the backend-for-frontend (BFF) model and how it can prevent your application from becoming a playground for hackers. By the end of this session, you will not only be convinced to keep JWTs out of your frontend, but you will also be equipped with practical strategies to improve your app's security without compromising performance.
Andreas Falk (Novatec Consulting)
OAuth 2.1 & OpenID Connect in Action: What’s New, What’s Secure, and What You Need to Know
OAuth 2.1 and OpenID Connect are the cornerstones of modern authentication and authorization, securing APIs and web applications across the internet. This talk provides a practical introduction to OAuth 2.1, the latest evolution of the OAuth framework, and OpenID Connect, the identity layer built on top of it. We’ll explore key concepts such as authorization flows, tokens, and scopes, while also diving into the latest security enhancements, including the recently published RFC 9700 (Best Current Practice for OAuth 2.0 Security), which updates and extends the threat model and latest security advice. Through live demos, we’ll look at secure OAuth 2.1 flows, OpenID Connect authentication, best practices like PKCE, and refresh token rotation.
And of course there will be Drinks and Pizza between the talks :)
Thursday, April 3, 2025
4:00 PM – 8:00 PM (UTC)
4:00 PM | Intro
4:30 PM | Martina Kraus - Protect your frontend: Why tokens in the browser are a bad idea
5:15 PM | Pizza & Drinks
5:45 PM | Andreas Falk - OAuth 2.1 & OpenID Connect in Action: What’s New, What’s Secure, and What You Need to Know
GDE Angular
Novatec Consulting GmbH
Senior Managing Consultant, Lead of Security