Web Fortified: Best Practices for Web App Security

This ad is not shown to multipass and full ticket holders
React Summit US
React Summit US 2025
November 18 - 21, 2025
New York, US & Online
The biggest React conference in the US
Learn More
In partnership with Focus Reactive
Upcoming event
React Summit US 2025
React Summit US 2025
November 18 - 21, 2025. New York, US & Online
Learn more
Bookmark
Rate this content

In today's world, prioritizing your application's security is crucial. All the data stored in it should be kept safe and protected, just like the inhabitants of a fortress that rely on high walls for their defense. However, history and movies have shown that even the most robust walls can't withstand an attack if weak points can be exploited. This is also true for VueJS applications.


Join me for a concise, practical session on fortifying your Vue.js apps against security threats and implementing best practices.

This talk has been presented at JSNation 2024, check out the latest edition of this JavaScript Conference.

FAQ

Ramona Schwering uses the analogy of a fortress to explain web application security, emphasizing the importance of protecting valuable data and features from external threats.

The top three security risks mentioned are broken access control, cryptographic failures, and injection attacks.

Broken access control is a security risk related to improper authorization mechanisms, allowing unauthorized users to access restricted resources.

Displaying generic error messages (e.g., 'Either username or password is wrong') prevents attackers from knowing which specific part of the login credentials is incorrect, making brute-force attacks more difficult.

Injection is a security risk where untrusted input is supplied to a program and processed by an interpreter, leading to the execution of malicious code. Examples include SQL injection and cross-site scripting (XSS).

Best practices to prevent injection attacks include never using untrusted content as component templates, using proper escaping of content, and ensuring user-provided data is validated, filtered, or sanitized.

Keeping NPM packages up to date is crucial to avoid vulnerabilities, as outdated packages may have known security issues that can be exploited by attackers.

Ramona Schwering recommends resources such as the HTML5 best practices page and the OWASP project for comprehensive web security best practices.

The speaker is Ramona Schwering, a developer advocate at Auth0, a Google Developer Expert in Web Technologies, and a Cypress Ambassador.

The main topic of the talk is web security and how to keep web applications secure from various threats.

Ramona Schwering
Ramona Schwering
22 min
17 Jun, 2024

Comments

Sign in or register to post your comment.
Video Summary and Transcription
This Talk, titled 'Fortify or App Fortified', discusses the concept of treating your application as a fortress to protect it from outside threats. It highlights the importance of web application security and the risks associated with broken access control, injection, and cryptographic values. The Talk also emphasizes the need to apply best practices and use frameworks' security features. Additionally, it addresses the security concerns related to user-provided URLs, style injection, and JavaScript injections. The summary concludes by emphasizing the importance of keeping dependencies updated and following best practices to ensure project security.

1. Introduction to Web Security and Fortresses

Short description:

Hello, everyone. I'm so glad to be here at JS Nation this year and talk about web security and how to keep your app as a fortress. My name is Ramona Schwering, a developer advocate at Auth0 and a Google Developer Expert in Web Technologies. This talk is called Fortify or App Fortified. Try to see your app as a fortress. Let's explore the concept of fortresses through movies, like Lord of the Rings, where a fortress called Helms Deep serves as a refuge. However, even with a disclaimer of never being conquered, a weak point was exploited.

Hello, everyone. I'm so glad to be here at JS Nation this year and talk about one topic, which is really close to my heart. It's web security and how to stay safe in the world of dangerous enemies, attackers, you name it, because there are lots of dangers out there in the web.

And yeah, I want to show you how to keep your app as a fortress. But before that, real quick, my name is Ramona, Ramona Schwering. I'm working as a developer advocate at Auth0. And besides that, I'm a Google Developer Expert in Web Technologies and a Cypress Ambassador. So you might already have met me before talking about testing, but there are more and other really important topics to talk about, and it's security for this time.

Okay, so this talk is called Fortify or App Fortified. Try to see your app as a fortress. And if you think about fortresses, what do they do normally? Well, even if it's like a building you see in environment, if you travel or in movies, they protect something precious. And yeah, movies are actually the place where I saw fortresses a lot. And this little screen here has been taken from a movie I really enjoy. It's called Lord of the Rings. You might have heard about it. It's about a journey of a hobbit who needs to destroy a certain ring. And it's a trilogy. So there are three films, and especially the second one, the second part, I really enjoyed a lot, no matter if it was a book or the movie, like the one called Two Towers. And there's a fortress called Helms Deep in it. And it is meant as a refuge. So it's meant to protect all of Ulthuan, which are the people of Rohan, so like a region or country in the furthest meaning, I think. They should be protected from the assault of the Zaruman forces. And they had a disclaimer that it was never conquered. Well, never conquered, 100% security. I guess we heard it before at some point, right? Well, back to the fortress. You can guess, it didn't hold true. At least a part of the fortress didn't hold. And of course, as it's in movies, it's almost a cliche. It's again the Kilmaryr the Sear, which was a weak point. Hello, Devstar? It was the same as that was too.

2. The Importance of Protecting Your Application

Short description:

There's no fortress which is secure all the time. Your application's protection can be regarded as a fortress, where you want to protect everything inside against outside threats. We should always be doubtful and really, really careful.

So they have a cover being a weak point. And if you regard the books, they didn't even need it, as there's a gutter to take. And this led them to basically have the big first wall being blown off. And they almost have been overwhelmed. So yeah, there's no fortress which is secure all the time.

Why do I tell you that? So your application's protection can be regarded as a fortress, where you want to protect everything what's inside against outside threats. May it be data, may it be the features which you would like to have paid users or anything precious. And there's lots of precious things inside of a web application, right? So yeah, we should regard our application as a fortress.

And no matter if we are at Lord of the Rings, either in movie or media, or in the real world, the world is changing a lot. More vulnerabilities are coming up. So we should always be doubtful. Like Theodin is. That if we say a fortress or an application has never been fallen or attacked or hacked, we should be doubtful and really, really careful. Even if it was a late lesson for Theodin. We should never feel too safe.

3. Web Application Security and OWASP

Short description:

To keep our web application secure, we need to consider the dangers and risks. OWASP provides a top 10 ranking of security risks, and the first one is broken access control. As front-end developers, we can improve security by displaying generic error messages for authentication and implementing rate limits. Third-party libraries like Auth0 can also be used. Broken access control, cryptographic values, and injection are important for front-end development.

So if we think about how to keep our web application secure, the first thing we need to think about are what are the dangers we need to keep our app safe, right? What are the most dangerous risks in web? Well, fortunately, there's a project which helps us a lot. It's the Open Worldwide Application Security Project or OWASP in short. And their goal is to raise security in web. And at a certain rhythm, they publish a top 10 ranking of the most important security risks. And I think the last ranking was in 2021. But please correct me if I'm wrong there.

And in it, we will take a look at the top three, because they are most significant and most important to take a look at, especially as we want to take a look at like the low-hanging fruit or like some small but easy to apply best practices to keep your application secure. So let's have a little spoiler alert. One of those three points is the most important for us in front of it, but the others are important too. So the rank one, that's something I want to cover because it's the first place in the ranking. It is important and there's something we as front-end developers can do.

It's the one of broken access control. This point is dealing with security risk in authorization. And as authentication is the first step to authorization because you need to know who you are, like who your users are inside of your application to know what can be allowed for it or what permission can be given to it. And yeah, as there are just a few front-end points to take a look at in an easy way. It's not the complete focus of this talk, but let me mention the first easy improvement. It's displaying generic error messages for authentication. Imagine you have a login form. Someone enters invalid credentials and you say like, oh, your password is wrong. This is not that idea because if the attacker sees this error message, he knows that the password is the thing you need to brute force. Like you just need to try out some other passwords because you know it's a password. So let's think of a generic error message like either username or password is wrong. So the attacker doesn't know what exactly is wrong inside of this login form, which helps us to be a little more secure. And as I said, being DDoS, we should think about a rate limit. So an attacker could just not like spam your application with all possible passwords, right? Having a little timer or like a rate limit where you like lock your application will help you a lot keeping your user secure. If you don't want to take a look at this point completely by yourself, you can think about using third-party libraries like Auth0, for example. Or of course, you could build it yourself if you are brave enough. There are examples to introduce, for example, JWT tokens for token-based authentication inside of applications, but there are plenty more. In front-end context, though, there's one point of the three, like being broken access control, cryptographic values, and injection, which is especially important for us front-end devs. So I guess you already saw it.

4. Injection Risks and Prevention

Short description:

Injection is the risk of an attacker supplying untrusted input to a program, which can be executed as malicious code. Attacks like cross-site scripting (XSS) and SQL injections can occur when user-supplied data is not properly validated, filtered, or sanitized. To prevent these attacks, never use non-trusted content as your component template. Only add trusted content that you control.

I want to talk about injection. Injection is actually the risk of an attacker supplying untrusted input to a program, which means in detail that the input may be delivered by an input field or other angles gets processed by an interpreter as a part of a command or a query. And this leads for this malicious input to be executed like your own program code. So it also is the execution of that problem basically. And those attacks include cross-app scripting or XSS2, could be SQL injections where you have the angle of a query or more.

And those injections could happen if data, which is supplied by the user, as example, an input field, is not validated, filtered, or sanitized, or you have dynamic queries or non-parameterized calls without context that we're escaping. So they are used directly inside of your interpreter. So it's pretty obvious why this is an important attack angle by a client or a front-end parts of your application.

So how can we prevent them? So most fundamental, and I really need to stress that, never ever use non-trusted content as your component template. If you're using, for example, Vue.js, which I will use as an example throughout the talk, but I try to be as agnostic as possible. But if you're using React or Angular, Swift, or any other framework, look that up. It wouldn't be that different, because if you use non-trusted content or content you can't control as your component template, it will be equivalent to allowing arbitrary or JavaScript execution inside of your application. I know that in Vue.js context especially, a template will be compiled into JavaScript. And all expression inside of those templates will be executed as a part of the rendering process. So please don't do this. Just don't. Only add trusted content, which is controlled and trusted by you.

5. Framework Security Features and Best Practices

Short description:

Your framework can provide some security features, such as preventing injection through proper escaping of content. However, relying solely on the framework is not enough. It's crucial to apply best practices and build your application with security in mind.

And please don't expect your framework to do heavy lifting, because there are some features your framework, maybe Vue, React, Angular, will help you be protected. But it's impractical, especially on a performance standpoint, for your framework to do all the lifting for you. Nevertheless, your framework might be a first line of defense you might need to take a look at. As said, I will use Vue.js as an example, because I'm a Vue developer, but you can easily look it up for React or Angular, what they are, provide you as features for security. So, which measures can a framework already provide by themselves? At the example of Vue right now. Let's take a look. So, injection is easily prevented by using proper escaping of content, for example. So, escaping script strings, special characters. So, script tags, like I'm having here, like down below this bottom code snippet, cannot be executed in any way. And if you use a user-provided string in Vue, which contains the script mentioned in this regard, it will be escaped to this. So, the script is not there anymore, it's escaped. And this will prevent script injection. In the case of Vue, the escaping is done using native APIs, like TextContext. And a similar thing is being done with attribute binding in Vue. So, bottom line is, if your framework is providing you functionality for escaping user-supplied input data, please use it. As said, your framework might do already a lot of providing security features, but it cannot be the only thing you rely upon, as it's just too much to ask. So, it will always be the case that the most important protection is you yourself. So, I'm aiming at how you build your application or how you apply standards and some best practices. So, let's take a look at some practices and things to consider, which will help you raise the security inside of your application kind of fast.

6. URLs, Style Injection, and JavaScript Injections

Short description:

User-provided URLs can pose security risks, such as phishing or leading to malicious websites. Use a library like sanitizeURL to sanitize user-provided URLs. Remember to sanitize URLs in the backend before saving them to the database. Be cautious as URLs can navigate to unsafe destinations. Style injection can be a security concern, such as UI redress attacks. Limit user-provided styles to a sandbox or safe environment. Avoid JavaScript injections by not accepting Strings.js in templates and render functions.

Let's consider adding links by binding the href attribute. So, I'm actually talking about user-provided URLs, which could contain wrong Vue directions or JavaScript embed, like here. Cases I could think of in this regard might be connected to phishing, by constructing and entering a URL inside of your application leading to a malicious website, or a reflected course subscription.

So, there's a URL being displayed in the web application. But an attacker will add some JavaScript to the URL. Again, sanitizing will help you a lot in skipping. So, you could think about using libraries such as sanitizeURL to help you. I guess I will put it into a tweet, so you can find it even more, because I see I didn't add a QR code. But do not forget your backend, too, as your backend should always sanitize user-provided URLs before even being saved to a database. And last thing, but still important, be aware that URLs can always navigate to unsafe destinations, even if they are safe destinations at the start. So, it's still the point where you give up control.

Well, next type of injection, style injection, some type which surprised me initially, because I was like, huh, styling with CSS, right? How can this be an attack angle? But there's a point. There's a tech called UI redress attack. Imagine, you have a hidden UI in control. So, an attacker will style. Okay, let's start like an example. You have a login form with like a login button to submit your credentials, and the attacker will style this login button as another transparent box covering this login button. And then, styling a link onto it. So, you will not submit your login credentials to the page you expect, but leading to a fake login page by just having a transparent box above or covering your login button. Redressing, actually. So, with this user-provided styles here, directly supplied, malicious users could still provide CSS to click check. How can we prevent that? Well, we should allow user to only adjust styling in a sandbox or safe way, like having a sandbox iframe, or only allowing full control of CSS inside safe way. It's like in this regard, the user can only set a certain color or only a certain background, all those changes which are not that dangerous, right? So, yeah, there are lots of ways to keep them safe by just limiting the scope where a user can have provided styles.

Of course, there's an attack angle in JavaScript themselves too, which is called JavaScript injections. And there are just some things you shouldn't do in Vue at least, but also when it comes to other frameworks. Because just from a clean code standpoint or like a maintainability standpoint, templates and render functions shouldn't have any side effects because it makes debugging it a nightmare. So, you should avoid having attributes accepting Strings.js. So, it's unclick, unfocus, events, attributes. And the scripts, of course, itself shouldn't be used in any complement. So, those ones should be avoided.

7. Keeping Projects Secure and Conclusion

Short description:

Keep your NPM packages and framework updated to avoid vulnerabilities. Use tools like Dependabot and NPM audit to ensure your project's security. Always mind your dependencies. Never use non-trusted templates and apply best practices to sanitize user input. Take a look at the OWASP website for more resources. Thank you for your interest in security topics and let's make the web a safer place.

Well, another point, which was mentioned, I guess, at the seventh rank. So, I didn't mark it in the oldest ranking, but it's a best practice to always take in mind. If you have a project who looks like this, like the small test project I set up. So, normally, it's not in production. But no matter if your project is already in production or just in development mode, it should never, ever look like this. So, outdated like having, yeah, so many vulnerabilities in it, even two critical ones. Please, ever try to keep your NPM packages or packages of whatever package manager you use and your framework updated on the latest state. And there are a couple of things how you can ensure it without putting that much work into it. Like using Dependabot if you host your project on GitHub or using NPM audit or similar commands. Taking a look at CWA databases where publicly disclosed vulnerabilities will be mentioned. So, please keep your projects up to date and don't wait for too long when it comes to applying security patches.

Okay. When it comes to keeping your web applications secure, when it comes to having your application as a fortress, when it comes to my talk, there are a few things I want you to remember. Actually, four things to remember. First, may it be Vue, may it be React, may it be Angular. Your framework is the first line of defense and you are the second more important one, but you are the second one which makes the most difference. Please, never, ever use non-trusted templates or templates. You cannot control templates which are not your own. Templates you don't trust. You can apply many small best practices like sanitizing, like escaping, like limiting the scope of the things a user can supply. Lots of those things. And last but not least, mind your dependencies. Keep your projects up to date.

Here I put some QR codes for more best practices which helped me a lot, which I really used the framework agnostic like the HTML5 best practices of a complete page of the OWASP. It always makes sense to take a look here. And I will search for more resources myself and will publish them in Twitter, so I don't eat up too much of your time because, yeah, there are so many things you can do. Well, what's left to say then? Thank you for listening to me, for being here, for being interested in security topics, and that we all try to make the web a more safer place for us, for us developers, and for the users. If you got any questions, just, yeah, just ask. Just find me on all known platforms like Twitter, Mastodon, LinkedIn, and, yeah, see you. See you soon. Goodbye.

Check out more articles and videos

We constantly think of articles and videos that might spark Git people interest / skill us up or help building a stellar career

Building Better Websites with Remix
React Summit Remote Edition 2021React Summit Remote Edition 2021
33 min
Building Better Websites with Remix
Top Content
Remix is a web framework built on React Router that focuses on web fundamentals, accessibility, performance, and flexibility. It delivers real HTML and SEO benefits, and allows for automatic updating of meta tags and styles. It provides features like login functionality, session management, and error handling. Remix is a server-rendered framework that can enhance sites with JavaScript but doesn't require it for basic functionality. It aims to create quality HTML-driven documents and is flexible for use with different web technologies and stacks.
Speeding Up Your React App With Less JavaScript
React Summit 2023React Summit 2023
32 min
Speeding Up Your React App With Less JavaScript
Top Content
Watch video: Speeding Up Your React App With Less JavaScript
Mishko, the creator of Angular and AngularJS, discusses the challenges of website performance and JavaScript hydration. He explains the differences between client-side and server-side rendering and introduces Quik as a solution for efficient component hydration. Mishko demonstrates examples of state management and intercommunication using Quik. He highlights the performance benefits of using Quik with React and emphasizes the importance of reducing JavaScript size for better performance. Finally, he mentions the use of QUIC in both MPA and SPA applications for improved startup performance.
Full Stack Documentation
JSNation 2022JSNation 2022
28 min
Full Stack Documentation
Top Content
The Talk discusses the shift to full-stack frameworks and the challenges of full-stack documentation. It highlights the power of interactive tutorials and the importance of user testing in software development. The Talk also introduces learn.svelte.dev, a platform for learning full-stack tools, and discusses the roadmap for SvelteKit and its documentation.
SolidJS: Why All the Suspense?
JSNation 2023JSNation 2023
28 min
SolidJS: Why All the Suspense?
Top Content
Suspense is a mechanism for orchestrating asynchronous state changes in JavaScript frameworks. It ensures async consistency in UIs and helps avoid trust erosion and inconsistencies. Suspense boundaries are used to hoist data fetching and create consistency zones based on the user interface. They can handle loading states of multiple resources and control state loading in applications. Suspense can be used for transitions, providing a smoother user experience and allowing prioritization of important content.
From GraphQL Zero to GraphQL Hero with RedwoodJS
GraphQL Galaxy 2021GraphQL Galaxy 2021
32 min
From GraphQL Zero to GraphQL Hero with RedwoodJS
Top Content
Tom Pressenwurter introduces Redwood.js, a full stack app framework for building GraphQL APIs easily and maintainably. He demonstrates a Redwood.js application with a React-based front end and a Node.js API. Redwood.js offers a simplified folder structure and schema for organizing the application. It provides easy data manipulation and CRUD operations through GraphQL functions. Redwood.js allows for easy implementation of new queries and directives, including authentication and limiting access to data. It is a stable and production-ready framework that integrates well with other front-end technologies.
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
Node Congress 2022Node Congress 2022
26 min
It's a Jungle Out There: What's Really Going on Inside Your Node_Modules Folder
Top Content
The talk discusses the importance of supply chain security in the open source ecosystem, highlighting the risks of relying on open source code without proper code review. It explores the trend of supply chain attacks and the need for a new approach to detect and block malicious dependencies. The talk also introduces Socket, a tool that assesses the security of packages and provides automation and analysis to protect against malware and supply chain attacks. It emphasizes the need to prioritize security in software development and offers insights into potential solutions such as realms and Deno's command line flags.

Workshops on related topic

Hands-On Workshop: Introduction to Pentesting for Web Apps / Web APIs
JSNation US 2024JSNation US 2024
148 min
Hands-On Workshop: Introduction to Pentesting for Web Apps / Web APIs
Featured Workshop
Gregor Biswanger
Gregor Biswanger
In this hands-on workshop, you will be equipped with the tools to effectively test the security of web applications. This course is designed for beginners as well as those already familiar with web application security testing who wish to expand their knowledge. In a world where websites play an increasingly central role, ensuring the security of these technologies is crucial. Understanding the attacker's perspective and knowing the appropriate defense mechanisms have become essential skills for IT professionals.This workshop, led by the renowned trainer Gregor Biswanger, will guide you through the use of industry-standard pentesting tools such as Burp Suite, OWASP ZAP, and the professional pentesting framework Metasploit. You will learn how to identify and exploit common vulnerabilities in web applications. Through practical exercises and challenges, you will be able to put your theoretical knowledge into practice and expand it. In this course, you will acquire the fundamental skills necessary to protect your websites from attacks and enhance the security of your systems.
0 to Auth in an hour with ReactJS
React Summit 2023React Summit 2023
56 min
0 to Auth in an hour with ReactJS
WorkshopFree
Kevin Gao
Kevin Gao
Passwordless authentication may seem complex, but it is simple to add it to any app using the right tool. There are multiple alternatives that are much better than passwords to identify and authenticate your users - including SSO, SAML, OAuth, Magic Links, One-Time Passwords, and Authenticator Apps.
While addressing security aspects and avoiding common pitfalls, we will enhance a full-stack JS application (Node.js backend + React frontend) to authenticate users with OAuth (social login) and One Time Passwords (email), including:- User authentication - Managing user interactions, returning session / refresh JWTs- Session management and validation - Storing the session securely for subsequent client requests, validating / refreshing sessions- Basic Authorization - extracting and validating claims from the session token JWT and handling authorization in backend flows
At the end of the workshop, we will also touch other approaches of authentication implementation with Descope - using frontend or backend SDKs.
Building WebApps That Light Up the Internet with QwikCity
JSNation 2023JSNation 2023
170 min
Building WebApps That Light Up the Internet with QwikCity
WorkshopFree
Miško Hevery
Miško Hevery
Building instant-on web applications at scale have been elusive. Real-world sites need tracking, analytics, and complex user interfaces and interactions. We always start with the best intentions but end up with a less-than-ideal site.
QwikCity is a new meta-framework that allows you to build large-scale applications with constant startup-up performance. We will look at how to build a QwikCity application and what makes it unique. The workshop will show you how to set up a QwikCitp project. How routing works with layout. The demo application will fetch data and present it to the user in an editable form. And finally, how one can use authentication. All of the basic parts for any large-scale applications.
Along the way, we will also look at what makes Qwik unique, and how resumability enables constant startup performance no matter the application complexity.
Back to the Roots With Remix
React Summit 2023React Summit 2023
106 min
Back to the Roots With Remix
Workshop
Alex Korzhikov
Pavlik Kiselev
2 authors
The modern web would be different without rich client-side applications supported by powerful frameworks: React, Angular, Vue, Lit, and many others. These frameworks rely on client-side JavaScript, which is their core. However, there are other approaches to rendering. One of them (quite old, by the way) is server-side rendering entirely without JavaScript. Let's find out if this is a good idea and how Remix can help us with it?
Prerequisites- Good understanding of JavaScript or TypeScript- It would help to have experience with React, Redux, Node.js and writing FrontEnd and BackEnd applications- Preinstall Node.js, npm- We prefer to use VSCode, but also cloud IDEs such as codesandbox (other IDEs are also ok)
OWASP Top Ten Security Vulnerabilities in Node.js
JSNation 2024JSNation 2024
97 min
OWASP Top Ten Security Vulnerabilities in Node.js
Workshop
Marco Ippolito
Marco Ippolito
In this workshop, we'll cover the top 10 most common vulnerabilities and critical security risks identified by OWASP, which is a trusted authority in Web Application Security.During the workshop, you will learn how to prevent these vulnerabilities and develop the ability to recognize them in web applications.The workshop includes 10 code challenges that represent each of the OWASP's most common vulnerabilities. There will be given hints to help solve the vulnerabilities and pass the tests.The trainer will also provide detailed explanations, slides, and real-life examples in Node.js to help understand the problems better. Additionally, you'll gain insights from a Node.js Maintainer who will share how they manage security within a large project.It's suitable for Node.js Developers of all skill levels, from beginners to experts, it requires a general knowledge of web application and JavaScript.
Table of contents:- Broken Access Control- Cryptographic Failures- Injection- Insecure Design- Security Misconfiguration- Vulnerable and Outdated Components- Identification and Authentication Failures- Software and Data Integrity Failures- Security Logging and Monitoring Failures- Server-Side Request Forgery
Let AI Be Your Docs
JSNation 2024JSNation 2024
69 min
Let AI Be Your Docs
Workshop
Jesse Hall
Jesse Hall
Join our dynamic workshop to craft an AI-powered documentation portal. Learn to integrate OpenAI's ChatGPT with Next.js 14, Tailwind CSS, and cutting-edge tech to deliver instant code solutions and summaries. This hands-on session will equip you with the knowledge to revolutionize how users interact with documentation, turning tedious searches into efficient, intelligent discovery.
Key Takeaways:
- Practical experience in creating an AI-driven documentation site.- Understanding the integration of AI into user experiences.- Hands-on skills with the latest web development technologies.- Strategies for deploying and maintaining intelligent documentation resources.
Table of contents:- Introduction to AI in Documentation- Setting Up the Environment- Building the Documentation Structure- Integrating ChatGPT for Interactive Docs