-
Book Overview & Buying
-
Table Of Contents
React Application Architecture for Production - Second Edition
By :
Authentication tells us who users are, but security is about protecting them and our application from malicious attacks. Even with perfect authentication, our application can be vulnerable to attacks that steal data, hijack user sessions, or execute malicious code.
Web applications face many security threats, but two of the most common are Cross-Site Scripting (XSS) attacks and missing security headers. XSS attacks inject malicious scripts into our application, while missing security headers leave our application vulnerable to various browser-based attacks. Let's look at how to protect against these threats.
Cross-Site Scripting (XSS) is one of the most common web security vulnerabilities. It happens when an attacker injects malicious JavaScript code into our application, which then executes in other users' browsers. For example, if a user can submit content that includes <script> tags and we display that content without sanitization...