Jul 1, 2021

Attack and Defend: The Dangers of Modern Distributed Applications


 My notes:

  • Modern application: API gateway in front of the services
  • Certificate Transparency logs for discovering web targets
  • JWT (JSON Web Token), decoder at https://jwt.io/
  • OAuth/bearer tokens vs session cookies
  • OAuth Phantom Token and Split Token patterns
  • Static file storage, CDN
  • Evil jQuery: JavaScript keylogger, https://github.com/JohnHoder/Javascript-Keylogger
  • Script integrity and crossorigin attributes (Subresource Integrity), hash generator at https://www.srihash.org/
  • Monolith vs distributed web architecture

Links:

  • https://certificate.transparency.dev/ 
  • https://sslmate.com/certspotter/