Play all

Intro

ANGULAR APPLICATIONS RUN WITHIN THE BROWSER

CROSS-SITE SCRIPTING (XSS)

XSS REFRESHER

SERVER-SIDE DEFENSES AGAINST XSS

RESPECT THE AUTHORITY OF THE SANITIZER

SESSION MANAGEMENT IN THREE PROPERTIES

COOKIE FLAGS PATCH COOKIE BEHAVIOR

COOKIE PREFIXES TAKE IT A STEP FURTHER

THE UNDERESTIMATED THREAT OF CSRF

THE ESSENCE OF CSRF

TAKING CONTROL OF YOUR HOME NETWORK WITH CSRF

DEFENDING AGAINST CSRF ATTACKS

TRANSPARENT TOKENS AGAINST CSRF ATTACKS

ANGULARJS SUPPORTS TRANSPARENT TOKENS BY DEFAULT

THE SAMESITE COOKIE ATTRIBUTE

THE RESURRECTION OF THE AUTHORIZATION HEADER

ADOING THE AUTHORIZATION HEADER IN ANGULARUS

STORING SESSION DATA IN THE BROWSER

THE AUTHORIZATION HEADER VS COOKIES

JWTS ARE YOUNG, AND SUFFER FROM GROWING PAINS

Description:

Explore the security aspects of Angular applications in this comprehensive conference talk from AppSec EU 2017. Learn about the paradigm shift from server-side to client-side applications and its impact on security. Discover script-based threats against Angular applications and the concrete defenses Angular offers to prevent or minimize these attacks. Dive into various session management problems in combination with Angular, investigating topics such as Cross-Site Request Forgery (CSRF), cookie flags, Authorization headers, and JWT tokens. Gain a solid understanding of security threats against Angular applications and acquire concrete knowledge on how to use the latest security technologies to effectively secure your Angular applications against these threats.

Boosting the Security of Angular Applications

OWASP Foundation

Add to list

#Programming #Web Development #Web Application Security #Programming Languages #Javascript #Angular #Session Management #Information Security (InfoSec) #Cybersecurity #Web Security #JSON Web Tokens #JWT

0:00 / 0:00