Overview/Description
AngularJS is designed to facilitate the development of rich, robust, single-page web applications. Being a client-side framework, AngularJS applications are inherently public and reveal much more implementation detail to the end user than traditional web sites. Securing an AngularJS application is a combination of using best practices on the client side to reduce vulnerability, and knowing that the lion's share of security comes from making sure our server is locked down. This course covers concepts involved in securing full stack web applications using AngularJS, from Authentication and Authorization strategies, to the built-in security features AngularJS ships with.
Target Audience
Web developers with a basic understanding of developing AngularJS apps who wish to learn more advanced concepts related to AngularJS and web application security in general
describe what bearer tokens are and how to use them for authentication in an AngularJS app
receive and store a bearer token in the DOM
send a bearer token to be used for authenticating requests generated by an AngularJS application
use cookies to persist identity through page reloads
use HTML5 storage to persist identity through page reloads, and recognize the benefits of this approach as opposed to a cookie-based approach
describe the roles of AngularJS, a client-side framework, and a server in authorizing requests
recognize how assuming AngularJS can implement real authorization leaves an application vulnerable to attack
recognize what obfuscation means and where it comes into play in a security context
use Uglify.js to minify and compress an AngularJS application
use tools to reverse the effects of minification of an AngularJS application
recognize what a Cross-Site Scripting or XSS attack may look like and how AngularJS protects against these
distinguish between secure and insecure cookies and recognize why an AngularJS application that uses cookies for identity persistence should make this cookie secure
recognize what a Cross-Site Request Forgery or CSRF attack looks like and how AngularJS may be vulnerable
recognize how implementing Anti-Forgery Tokens can protect against Cross-Site Request Forgery or CSRF attacks
use ngSanitize in AngularJS to allow whitelisted HTML to be rendered
disable strict contextual escaping in AngularJS to allow a script to be executable
use bearer tokens to authenticate AngularJS requests with the server