AppSec Europe 2018 has ended
Friday, July 6 • 11:45am - 12:30pm
Programming Language Agnostic Cross-Application CSRF Protection


Xing is a European career-oriented social networking platform. While it appears as a single website to visitors, internally it consists of more than a hundred separate web applications interacting with each other, most of them built with Ruby on Rails.
We discovered that Rails' built-in CSRF prevention mechanism does not work across multiple applications and, when combined with single-page application frameworks such as React, raises so many exceptions that visitors are affected.
In the first part of the talk we explore the problems that arise when a CSRF protection designed for classic monolithic web applications is applied to a single-page application and microservice architecture. The second part is a detailed description of the alternative, language-agnostic, self-recovering CSRF prevention mechanism we developed to address these issues, followed by a live demo.

Speakers
Egor Balyshev

Software Architect, XING SE
Egor Balyshev has been developing software for 17 years, primarily focusing on web-based applications. For the last 3 years he has been working as a software architect at XING, a career-oriented social networking website.

His topics of interest include distributed systems, user...


Friday July 6, 2018 11:45am - 12:30pm
St James- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE
