Posted by Synopsys Editorial Team on March 3, 2017
In her latest presentation, Ksenia ventures into the topic of AngularJS security to examine its strengths and weaknesses.
Frameworks like AngularJS incorporate many security features like context-aware encoding and CSRF protection, but they also leave gaps and traps into which developers may fall when putting too much trust into client-side code.
In this presentation, Ksenia explores the security controls provided by the AngularJS framework out-of-the-box and the security defects that still reside in the Angular code and available plugins. Check out the video above for demonstrations of several attacks, such as a DOM-XSS, a template injection, and a sandbox bypass.