Upgrade to Pro — share decks privately, control downloads, hide ads and more …

React with Caution: How to Hack Your React App ...

Sponsored · Ship Features Fearlessly Turn features on and off without deploys. Used by thousands of Ruby developers.

React with Caution: How to Hack Your React App (And Fix It Too)

React has your back, at least on paper. With almost no CVEs in recent years, React Core stands out as one of the most secure frontend frameworks available. But security isn’t automatic.

In this practical, hands-on session, Ramona will actively hack a React application to expose real-world threats like XSS, injection attacks, and subtle frontend vulnerabilities. You’ll learn where React protects you by default, where it doesn’t, and how to become the final line of defense for your users.

Avatar for Ramona Schwering

Ramona Schwering

June 17, 2026

More Decks by Ramona Schwering

Other Decks in Technology

Transcript

  1. @leichteckig React with Caution ommon urnerabilities (&) xposures NPM issues

    Axios CVE-2026-40175 ua-parser-js CVE-2021-27458 The Supply Chain.
  2. @leichteckig React with Caution ommon urnerabilities (&) xposures NPM issues

    AI stuff Axios CVE-2026-40175 ua-parser-js CVE-2021-27458 The Supply Chain.
  3. @leichteckig React with Caution ommon urnerabilities (&) xposures NPM issues

    AI stuff ReDOS Axios CVE-2026-40175 ua-parser-js CVE-2021-27458 The Supply Chain.
  4. @leichteckig React with Caution ommon urnerabilities (&) xposures NPM issues

    AI stuff ReDOS Axios CVE-2026-40175 ua-parser-js CVE-2021-27458 react-refresh Typo-Squatting Attack The Supply Chain.
  5. @leichteckig React with Caution Check your dependencies! Only trusted packages

    Vet your AI code Utilize lockfiles Use behavioral scanners +npm audit
  6. @leichteckig React with Caution Audit supply chain Validate route parameters

    Lock down with CSP Sanitize raw HTML Mind OWASP Vet AI (agent’s) code