PWA security and privacy research
David Baunach
We need to start taking security and privacy into account for the PWA. This task is to do some basic research to find out what the security and privacy weaknesses of PWAs are, and what practices we can implement to improve the app. Future steps would include testing and auditing, but this task is just research.
Fr David Baunach
Link dump of initial research:
- https://dbushell.com/2020/06/08/pwa-web-crypto-encryption-auto-sign-in-redux-persist/
- https://dev.to/azure/27-best-practices-for-pwa-authentication-29md
- https://medium.com/pwabuilder/pwa-auth-a-new-sign-in-component-for-the-modern-web-e8c0257273f0
- https://www.mckennaconsultants.com/securing-tokens-in-a-progressive-web-app/
- https://security.stackexchange.com/questions/220529/can-2fa-mfa-be-secure-functional-in-a-purely-offline-state-pwa
- https://www.koombea.com/blog/pwa-security/
- https://blog.nviso.eu/2020/01/16/deep-dive-into-the-security-of-progressive-web-apps/
- https://www.reddit.com/r/webdev/comments/fjiue6/how_to_secure_a_pwa_offline/