Kevin Hakanson gave a talk at the AngularMN Meetup this week on the top 10 OWASP (Open Web Application Security Project) web application security risks and how they relate to AngularJS.
This video is a bit of a hazy Google hangout but go to 10:30 to skip housekeeping. Hakanson delves into the following 10 points to help developers consider which patterns to avoid or implement.
- Injection go to 14:16
- Broken Authentication and Session Management go to 22:35
- Cross-Site Scripting (XSS) go to 25:45
- Insecure direct object references go to 33:00
- Security misconfiguration go to 33:56
- Sensitive Data Exposure go to 41:36
- Massing Functions Level Access Control go to 47:30
- Cross Site Request Forgery (CSRF) go to 50:04
- Using components with known vulnerabilities go to 55:12 (no sound slide only)
- Unvalidated redirects and forwards go to 57:28 (no sound slide only)
Related Posts