Synopsys Principal Security Consultant Ksenia Dmitrieva-Peguero recently posed a question at the Securi-Tay information security conference: How secure is AngularJS? With seven years of experience in the AppSec space and five years of software development experience, Ksenia currently concentrates on the analysis of JavaScript frameworks: researching their security implications, vulnerability discovery, and remediation.
In her latest presentation, Ksenia ventures into the topic of AngularJS security to examine its strengths and weaknesses.
Client-side JavaScript frameworks bring a lot of functionality and logic to the front-end. With all this code running in the browser, do they impose extra risks to applications?
Frameworks like AngularJS incorporate many security features, such as context-aware encoding and CSRF protection, but they also leave gaps and traps that developers fall into when they place too much trust in client-side code.
In this presentation, Ksenia explores the security controls provided by the AngularJS framework out-of-the-box and the security defects that still reside in the Angular code and available plugins. Check out the video above for demonstrations of several attacks, such as a DOM-XSS, a template injection, and a sandbox bypass.