Barcelona, Spain, React.js Barcelona
React Under Attack: Uncovering Web Vulnerabilities and Securing Your Apps

Live demo: hacking a guinea pig React app

About this talk
Last month we witnessed one of the most critical vulnerabilities in React history — a 10/10 CVSS score that allowed anonymous remote code execution. In this talk, we explore how some major companies were hacked in the past and dive into a live demonstration of how a real web application is compromised, uncovering the threats that could easily impact your own projects. From the anatomy of a real exploit to the security systems that could have stopped it, the goal is to leave every React developer better equipped to reason about the security of the apps they ship.
Key takeaways
- How the recent critical React vulnerability (CVSS 10/10) worked and why it mattered
- Common vulnerability classes that React apps are exposed to without proper security controls
- A live hack demo: watching a guinea pig app get compromised step by step
- Practical patterns to harden React applications and reduce your attack surface