Luka Kladaric

Chaos Guru
Consultant
Software Architect

Security in the age of web frameworks

Recorded at FSec in Varaždin, Croatia on

Web frameworks offer a structured approach to building web applications, reducing the need for repetitive tasks and allowing developers to focus on application logic rather than low-level details.

With them too often comes the beast with a billion backs: token leakage, which occurs when sensitive authentication tokens, such as session tokens or API keys, are unintentionally exposed to unauthorized parties. This can happen in several ways, including insecure storage, insecure transmission, or accidental exposure in client-side code.

Or as the bard might say: abstraction leads to pain, pain leads to suffering, suffering leads to token leakage.