In this meeting, the State Changers primarily discussed web application security concerns and methods of improving web protection. The meeting's key points include:
1. Discussion on Minification and Uglification: These are techniques to reduce the size of a web application's code and scramble it for increased obscurity. These measures add to the inconvenience for any potential malicious actors but don't necessarily add to overall security.
3. User Experience: Participants suggested prioritizing an excellent user experience when building web and native applications. This includes easy interaction, a quick and effective issue-resolution system, and user-friendly design.
3. Backend Security: The meeting emphasized the importance of backend security, mentioning issues related to it.
5. Token Security: The group discussed using cryptographically secure tokens that are refreshed frequently to ensure authorized access. OAuth, strong passwords, two-factor authentication, and the refresh token flow were also part of this conversation.
5. Specific Security Measure: Using tools like OWASP for web application security was suggested.
6. Short Lifespan Tokens: The State Changers also talked about the use of short lifespan access tokens in web applications. For instance, Xano had a default lifetime of around 24 hours for their tokens.
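The token points above (items 5 and 7) can be sketched as follows. This is an added example, not code from the meeting or from Xano, and it goes slightly beyond the summary by revoking a user's tokens when a refresh token is presented twice. The `TokenStore` class, its method names, and the 15-minute and 7-day lifetimes are assumptions chosen for illustration.

```python
import hashlib
import secrets

ACCESS_TTL = 15 * 60          # assumed access-token lifetime: 15 minutes, in seconds
REFRESH_TTL = 7 * 24 * 3600   # assumed refresh-token lifetime: 7 days, in seconds

def _digest(token):
    # Store only a hash so a leaked token table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

class TokenStore:
    """Hypothetical in-memory store; a real backend would persist these tables."""

    def __init__(self):
        self.access = {}    # digest -> (user, expires_at)
        self.refresh = {}   # digest -> [user, expires_at, used]

    def issue(self, user, now):
        access = secrets.token_urlsafe(32)    # 256 bits from the OS CSPRNG
        refresh = secrets.token_urlsafe(32)
        self.access[_digest(access)] = (user, now + ACCESS_TTL)
        self.refresh[_digest(refresh)] = [user, now + REFRESH_TTL, False]
        return access, refresh

    def check_access(self, token, now):
        entry = self.access.get(_digest(token))
        if entry is None or now >= entry[1]:
            return None                       # unknown or expired
        return entry[0]

    def revoke_user(self, user):
        self.access = {k: v for k, v in self.access.items() if v[0] != user}
        self.refresh = {k: v for k, v in self.refresh.items() if v[0] != user}

    def rotate(self, refresh_token, now):
        entry = self.refresh.get(_digest(refresh_token))
        if entry is None or now >= entry[1]:
            return None
        if entry[2]:
            # A refresh token presented twice suggests it was copied:
            # revoke every token for that user and force a new login.
            self.revoke_user(entry[0])
            return None
        entry[2] = True                       # refresh tokens are single-use
        return self.issue(entry[0], now)
```

The `now` argument is passed in explicitly so that expiry can be exercised without waiting; a deployment would supply the server clock.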
(Source: Office Hours 1/20)