Securing Angular.js

Description

AngularJS, the superheroic JavaScript framework from Google, is a defining technology when it comes to building single-page applications. The framework removes the drudgery from writing robust, user-driven applications but requires a different way of thinking about architecture and security.

This course takes a tour through common mistakes developers make when building AngularJS applications, how these mistakes can introduce security vulnerabilities, and how to avoid them so you don’t get compromised.

Learning Objectives

  • Understand the security protections built into AngularJS.
  • Architect secure single-page applications.
  • Avoid coding practices that lead to template injection.
  • Prevent cross-site scripting (XSS) vulnerabilities.
  • Understand the role of authentication and authorization in single-page applications.

Details

Delivery Format: eLearning

Duration: 1 hour 15 minutes

Level: Intermediate

Intended Audience:

  • Front-End Developers

Prerequisites:

Course Outline

Introduction to AngularJS Security

  • Single-Page Applications
  • AngularJS History and Versioning
  • Security

AngularJS Templates and Expressions

  • Templates
  • Expressions

Built-In AngularJS Security Protections

  • Cross-Site Request Forgery Protection
  • Content Security Policy

Cross-Site Scripting Using AngularJS Expressions

  • AngularJS Template Injection
  • Cross-Site Scripting (XSS) Using orderBy
  • Strict Contextual Escaping

Authentication in AngularJS Applications

  • What Are JSON Web Tokens?
  • Problems With JSON Web Tokens
  • Using Traditional Sessions

Authorization in AngularJS Applications

  • Restricting Access to Routes
  • Restricting Element Visibility

AngularJS Web Storage Security

  • Sensitive Data Exposure
  • Local Storage
  • Session Storage
  • Cookie Storage

Logging and Monitoring AngularJS Applications

  • Insufficient Application Logging
  • Client-Side Logging With AngularJS
  • Creating a Custom Log Service
  • Logging Best Practices
