2025-11-19, Stage 1 (first floor)
Frontend developers strive to deliver smooth user experiences, but security is often sacrificed for functionality.
In this talk, we take a close look at JSON Web Tokens (JWT) and the risks of storing them in the frontend – from token theft to session hijacking.
Through hands-on examples, you'll learn why this practice is insecure and how the Backend-for-Frontends (BFF) architecture can help protect your application. You'll be convinced to ban JWTs from the frontend and will walk away with practical strategies to boost your app's security without compromising performance.
Basic
Martina Kraus has been active in the world of web development since her early years and has gradually become an expert in web security. As a Security Engineer, she focuses on integrating security best practices into all phases of software development. In her role as a Google Developer Expert (GDE) in Angular, she enjoys sharing her knowledge of Angular security at both national and international conferences. She also regularly organizes ngGirls events (free Angular workshops for women) and is currently writing a book in German about authentication and authorization in web applications.