Are You Botching the Security of Your AngularJS Application

Discover how to enhance the security of your AngularJS applications in this comprehensive one-hour conference talk by Philippe De Ryck at Devoxx. Learn about AngularJS' built-in security features, including Strict Contextual Escaping (SCE) for protection against cross-site scripting (XSS) attacks, and how to safely relax these protections when necessary. Explore the advanced Content Security Policy (CSP) and AngularJS' cross-site request forgery (CSRF) protection mechanism. Gain insights into mixing AngularJS with traditional applications, writing effective CSP policies, and implementing secure session management. While focusing primarily on AngularJS 1.x, the talk also relates concepts to AngularJS 2 where relevant. Benefit from the expertise of Philippe De Ryck, a professional speaker and trainer on software and web security, as he shares knowledge gained from his PhD research and experience running the Web Security Training program at imec-DistriNet research group (KU Leuven, Belgium).