Are you botching the security of your AngularJS application? by Philippe De Ryck (01:29, published 3 years ago)
In this session, you will learn how to leverage AngularJS' security features to their full potential. Specifically, you will learn how AngularJS applies Strict Contextual Escaping (SCE) against XSS attacks, and how to relax that protection in a safe way (instead of turning it off). We also cover the advanced Content Security Policy (CSP), and AngularJS' built-in cross-site request forgery (CSRF) protection mechanism. We mainly focus on AngularJS 1.x, but also relate the concepts to AngularJS 2 where relevant.
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group's Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.