Angular and the OWASP Top 10

The OWASP top 10 is one of the most influential security documents of all time. A couple of years ago, these 10 security issues impacted almost every web application. Today, however, the web application landscape has fragmented: monoliths have split into frontends, backends, and third-party APIs. As a result, it has become harder to figure out which security measures belong where, and security overall has become a lot more complicated.

In this talk, we explore the relationship between the OWASP top 10 and Angular applications. We will see how some issues are barely relevant in an Angular world. We will discover that Angular addresses some issues out of the box. Moreover, we will learn which issues require the most attention in an Angular application.

RESOURCES MENTIONED IN THIS SESSION

Session slides: https://pragmaticwebsecurity.com/talks/angularowasptop10 (plus a link to a free security cheat sheet)

– Enable the ngSanitize module for sanitization of HTML output: https://docs.angularjs.org/api/ngSanitize
– Info on SCE: https://docs.angularjs.org/api/ng/service/$sce
– The decision to remove the expression sandbox in 1.6: http://blog.angularjs.org/2016/09/angular-16-expression-sandbox-removal.html
– Avoid template injection through the orderBy filter: https://www.synopsys.com/blogs/software-security/angularjs-1-6-0-sandbox/
– Great video on AngularJS security issues by Lewis Ardern: https://www.youtube.com/watch?v=3vuLPzjc4RI

PHILIPPE DE RYCK

Founder of Pragmatic Web Security, Google Developer Expert

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.
