
Basic Security for Web Development


Image retrieved from hcamag.com

When building a web application, it is essential to consider how to restrict access to your application, protect sensitive user data and prevent security attacks. Tackling these three concerns early in the development of your website will help you create a secure web application that meets the current standards of web security. Web security can be defined as a system of protection measures and protocols that protect your web application from being hacked or entered by unauthorized personnel. With cybersecurity attacks on the rise, web security measures are now more important than ever to protect web applications from becoming compromised.

In this learning module, we will learn how developers can take preventative measures to protect their web applications. Making website security a top priority can save time and money in addition to protecting your brand reputation. We will start by learning how to request SSL certificates from UTS and add them to a dockerized Next.js single-page application (SPA). We will also cover authentication using the Microsoft Azure Active Directory and the Microsoft Authentication Library for React (msal-react) to enable single sign-on (SSO) via MacIDs. We will use HTTP security headers to protect our web application against common security attacks such as cross-site scripting, clickjacking and code injection. Lastly, we will learn how to securely save data to the browser’s local storage using the react-secure-storage library.

No previous experience with Azure AD is required. Familiarity with TypeScript, React, Next.js, Docker and Nginx will be helpful.

Prerequisites

  • A server to host your SPA
  • A dockerized Next.js application. You can follow the Docker Tutorial to familiarize yourself with Docker and create a dockerized Next.js application.