Are You Botching the Security of Your AngularJS Application

Devoxx via YouTube

Overview

Discover how to enhance the security of your AngularJS applications in this comprehensive one-hour conference talk by Philippe De Ryck at Devoxx. Learn about AngularJS' built-in security features, including Strict Contextual Escaping (SCE) for protection against cross-site scripting (XSS) attacks, and how to safely relax these protections when necessary. Explore the advanced Content Security Policy (CSP) and AngularJS' cross-site request forgery (CSRF) protection mechanism. Gain insights into mixing AngularJS with traditional applications, writing effective CSP policies, and implementing secure session management. While focusing primarily on AngularJS 1.x, the talk also relates concepts to AngularJS 2 where relevant. Benefit from the expertise of Philippe De Ryck, a professional speaker and trainer on software and web security, as he shares knowledge gained from his PhD research and experience running the Web Security Training program at imec-DistriNet research group (KU Leuven, Belgium).

Syllabus

Intro
KNOWLEDGE IS KEY TO BUILDING SECURE APPLICATIONS
CROSS-SITE SCRIPTING (XSS)
HOW DO YOU PROTECT AGAINST XSS?
MIXING ANGULARJS WITH TRADITIONAL APPLICATIONS
THE NUTS AND BOLTS OF CSP
A QUICK OVERVIEW OF CSP'S DIRECTIVES
BROWSER SUPPORT FOR CSP LEVEL 1 IS AWESOME
FOLLOWING UP ON CSP VIOLATIONS
WRITING SANE CSP POLICIES
SECURE SESSION MANAGEMENT IS CRITICAL
THE UNDERESTIMATED THREAT OF CSRF
TRANSPARENT CSRF TOKENS WORK WITHOUT FORMS

Taught by

Devoxx
