Security is no longer an afterthought to development. Every developer should be responsible for building secure applications that properly handles identity access, secure transport that meetings secure code requirements along with securing the data behind the application. In this talk we will discuss how to handle authn and authz using Open ID Connect and Oauth2 in modern application architecture using JavaScript frameworks like Angular 2 with social and enterprise identity providers. Learn how architect your application to avoid common attacks like Man in the Middle, Cross Site Scripting. Also learn how to verify code is secure during development to running automated pen tests as part of your CI/CD process.