So you thought you were safe using AngularJS. . . . Think again! - OWASP
Who Am I?
- Lewis Ardern
- Ph.D. candidate, Leeds Beckett University
- Security Consultant at Synopsys, previously Cigital
- Twitter @LewisArdern

Research Interests:
- Browser Security
- JavaScript
- HTML5
- Static analysis
Agenda
- AngularJS In A Nut Shell
- AngularJS Security Protections
- AngularJS Security Issues
- Third-Party Library Security Issues
- Look To The Future
AngularJS In A Nut Shell
- AngularJS is an open source front-end JavaScript framework
- What is the current version of AngularJS:
  - AngularJS 1.6.5
  - Angular 4.3.0
- Angular
  - MVC - Model View Controller
  - MVVM - Model View ViewModel
  - MVW - Model View Whatever
- Originally developed by Misko Hevery, then open sourced, and now maintained by Google
- What are the benefits of AngularJS?
  - Separation of HTML, CSS, and JavaScript logic
  - Convenience in DOM manipulations
  - Performance
- If AngularJS is on the front-end, what technologies are used on the back end?
  - Whatever: NodeJS, Java, C#, you name it
- A lot of Angular applications are built as single-page applications (SPA)
Angular and OWASP Top 10
- OWASP Top 10 issues that Angular code may have:
  - Injection (SQL, Command, LDAP)
  - Broken AuthN and Session Management
  - Cross-site scripting
  - Insecure Direct Object Reference
  - Security Misconfiguration
  - Sensitive Data Exposure
  - Missing Function Level Access Control
  - CSRF
  - Using Components with Known Vulnerabilities
  - Unvalidated Redirects and Forwards
Kinda Kinda