Securing AngularJS Applications - OWASP
Sebastian Lekies (@slekies)
Who Am I?
Sebastian Lekies (@slekies)
- Senior Software Engineer at
- Tech Lead of the Web application security scanning team
- Google Internal Security Scanner & Cloud Security Scanner
- PhD Student at the University of Bochum
- Thesis topic: "Client-Side Web Application security"
- Interested in client-side attacks: XSS, ClickJacking, CSRF, etc.
Agenda
1. Introduction
   a. What is Cross-Site Scripting?
   b. What is AngularJS?
2. Basic Angular Security Concepts
   a. Strict Contextual Auto Escaping
   b. The HTML Sanitizer
3. Common Security pitfalls
   a. Server-Side Template Injection
   b. Client-Side Template Injection
   c. Converting strings to HTML
   d. White- and Blacklisting URLs
4. Conclusion
A quick introduction to Cross-Site Scripting (XSS)...
- XSS is a code injection problem:
- Attacker model
- Exploit:
[Diagram labels: Attacker, Link, User, Browser, xss.php?username=attackerC..., HTML + JS, attackerCode]