Video: Enhance application security with the power of Backend for Frontend (BFF) and SPA Design

The complexity of application security requires both expertise and clarity. 

Indigo Consulting’s Chief Architect Paul Figura recently presented at the GoSec23 event in Montreal on Sept 13-14, where he covered how to design single page apps with a BFF to make API calls securely and prevent token hijacking.

Interested in learning more? This blog post captures the key points discussed by Paul during his presentation.

About Paul Figura

As the Chief Architect at Indigo Consulting Canada, Paul Figura has a deep background in Identity and Access Management (IAM). With years of experience, including collaborations with Fortune 500 companies, Paul brings a pragmatic approach to the challenges of IAM and application security.

Unpacking SPA and BFF

One of Paul’s key focuses was the intricacies of Backend for Frontend (BFF) and Single Page App (SPA) design.

Paul described the BFF’s role as an intermediary between user interfaces and API calls, ensuring strengthened authentication processes. He also addressed the strengths and challenges associated with these design approaches.

Enhancing Security with BFF

A key concern with SPA design is the vulnerability associated with storing access tokens directly in browsers. This is where BFF design shines as an effective solution. 

Introducing a BFF layer between the SPA and the API makes it unnecessary to store access tokens in the browser. Instead, the BFF handles the authentication procedure and acts as a secure bridge between the SPA and the API. This approach minimizes the risk of token interception and misuse by unauthorized parties.
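
The token handling described above, as an added example (not code from Paul’s presentation or from Indigo Consulting): the BFF keeps the access token in a server-side session and hands the browser only an opaque, HttpOnly cookie. The function names, the `__Host-sid` cookie name and the stubbed token endpoint are assumptions made for illustration.

```javascript
// Added example: BFF token handling with the identity provider and API stubbed out.
const { randomBytes } = require("node:crypto");

const sessions = new Map(); // session id -> { accessToken, expiresAt }; lives only in the BFF

// Constructed stand-in for the token endpoint response after the BFF completes the code flow.
function exchangeCodeForTokens(code) {
  return { access_token: "constructed-access-token-for-" + code, expires_in: 300 };
}

// Callback handler: the BFF keeps the token and gives the browser only an opaque cookie.
function handleCallback(code, now = Date.now()) {
  const tokens = exchangeCodeForTokens(code);
  const sid = randomBytes(32).toString("hex"); // unpredictable session identifier
  sessions.set(sid, { accessToken: tokens.access_token, expiresAt: now + tokens.expires_in * 1000 });
  return {
    status: 302,
    headers: {
      Location: "/",
      // HttpOnly: page script cannot read it. Secure: HTTPS only. SameSite: limits cross-site sends.
      "Set-Cookie": `__Host-sid=${sid}; Path=/; HttpOnly; Secure; SameSite=Strict`,
    },
  };
}

// Resolve the cookie to a live session; expired sessions are dropped.
function sessionFromCookie(cookieHeader = "", now = Date.now()) {
  const m = /(?:^|;\s*)__Host-sid=([0-9a-f]{64})(?:;|$)/.exec(cookieHeader);
  const s = m && sessions.get(m[1]);
  if (!s) return null;
  if (s.expiresAt <= now) { sessions.delete(m[1]); return null; }
  return s;
}

// API route: the BFF attaches the bearer token on the server-to-server hop only.
function handleApi(req, callUpstream, now = Date.now()) {
  const s = sessionFromCookie(req.headers.cookie, now);
  if (!s) return { status: 401, body: { error: "not_authenticated" } };
  const upstream = callUpstream({ path: req.path, headers: { Authorization: `Bearer ${s.accessToken}` } });
  return { status: upstream.status, body: upstream.body }; // upstream headers are not echoed back
}
```

Because the session cookie is sent automatically by the browser, state-changing BFF routes still need CSRF protection in addition to `SameSite`.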

Want to See the Full Presentation? Watch Below

Are you an industry professional looking for a roadmap to understand and implement BFF and SPA designs at your company? Don’t miss out on the many insights Paul Figura shared at GoSec23.

Click here or watch below to see the complete presentation and gain more insights from Paul’s GoSec23 session.
Stay informed and elevate your application security game.