Software Integrity

Archive for the 'JavaScript Security' Category

What does the recent NPM malware mean for the future of open source trust?

Co-authored by Amit Sethi and Arthur Hinds

Earlier this month, the open source community went into high alert. The problem’s epicenter was the Node Package Manager (NPM), and it affected what is currently believed to be 40 packages.

Typosquatting: Specifically, someone performed a ‘typosquatting’ attack against packages distributed via NPM. First, the attacker downloaded popular […]

Posted in JavaScript Security, Open Source Security

AngularJS security series part 1: Angular $http service

Welcome to the first part in our AngularJS Security Series. Here, we’ll discuss the various solutions to write more secure applications. Our goal is simple: to help developers better understand Angular and embrace the practice of writing more secure code. – Stephen Teilhet, Lewis Ardern, & David Johansson

The AngularJS Module is the basic building block of […]

Posted in Application Security, JavaScript Security

AngularJS is secure by default, right? Not so fast.

AngularJS is one of those wonderful frameworks that seems to hide so many of JavaScript’s warts. While Angular adds much-needed features to the language, it also creates a handful of new problems for developers. Due to this, I’ve teamed up with Lewis Ardern to pose a simple question with a not-so-simple answer: Google built AngularJS […]

Posted in Application Security, JavaScript Security

AngularJS 1.6: Life outside the sandbox

AngularJS 1.6 was recently released. With this release come several impactful changes. One change to note is the removal of the expression sandbox. This was a predicted change that was first announced in early September. If you haven’t already evaluated the impact of this on your Angular code in preparation for the changes, it’s […]

Posted in JavaScript Security, Software Security Testing, Threat Intelligence, Vulnerability Assessment