Boosting the Security of Angular Applications

Explore the security aspects of Angular applications in this comprehensive conference talk from AppSec EU 2017. Learn about the paradigm shift from server-side to client-side applications and its impact on security. Discover script-based threats against Angular applications and the concrete defenses Angular offers to prevent or minimize these attacks. Dive into various session management problems in combination with Angular, investigating topics such as Cross-Site Request Forgery (CSRF), cookie flags, Authorization headers, and JWT tokens. Gain a solid understanding of security threats against Angular applications and acquire concrete knowledge on how to use the latest security technologies to effectively secure your Angular applications against these threats.

Intro
ANGULAR APPLICATIONS RUN WITHIN THE BROWSER
CROSS-SITE SCRIPTING (XSS)
XSS REFRESHER
SERVER-SIDE DEFENSES AGAINST XSS
RESPECT THE AUTHORITY OF THE SANITIZER
SESSION MANAGEMENT IN THREE PROPERTIES
COOKIE FLAGS PATCH COOKIE BEHAVIOR
COOKIE PREFIXES TAKE IT A STEP FURTHER
THE UNDERESTIMATED THREAT OF CSRF
THE ESSENCE OF CSRF
TAKING CONTROL OF YOUR HOME NETWORK WITH CSRF
DEFENDING AGAINST CSRF ATTACKS
TRANSPARENT TOKENS AGAINST CSRF ATTACKS
ANGULARJS SUPPORTS TRANSPARENT TOKENS BY DEFAULT
THE SAMESITE COOKIE ATTRIBUTE
THE RESURRECTION OF THE AUTHORIZATION HEADER
ADOING THE AUTHORIZATION HEADER IN ANGULARUS
STORING SESSION DATA IN THE BROWSER
THE AUTHORIZATION HEADER VS COOKIES
JWTS ARE YOUNG, AND SUFFER FROM GROWING PAINS