Common Security Flaws on the Client Side


Troy teaches you AngularJS security

Welcome to Part 4 of this review of the Pluralsight course AngularJS Security Fundamentals by Troy Hunt.


Understanding DOM Versus HTML Source

Troy defines the Document Object Model, something which Angular is adept at manipulating.

We see how the DOM differs from actual HTML source by viewing each side by side.

Security Assumptions and the Risk of “View Source”

All client-side code is public. Troy recommends bundling and minifying your JS files because otherwise it is very easy for anyone to view and navigate through the contents.

In this lesson we see the contents of UsersFactory.js and how it can be used to find sensitive information. The root cause is a lack of access controls, so bundling does not fix the problem; it only makes it less discoverable.

Excessive Model Attributes in API Responses

In Troy’s Hack Your API First course he talks at length about excessive model attributes. We see some examples of attributes that we definitely don’t want to be returning to the client.

We see a before and after of the original flawed implementation versus the fixed solution.

Understanding Output Encoding in Client Libraries

This lesson talks about Cross Site Scripting attacks. We see HTML encoding and JavaScript encoding in action, and this output encoding is why AngularJS does a good job of protecting us against XSS attacks.

HTTP Only and Secure Cookies

Cookies can be enormously valuable to an attacker because they often contain the authentication token. If JavaScript can access our cookies, they may be exposed to script injection, so we should mark them HttpOnly.

Troy also talks about HTML5 Storage, which may be a good alternative to cookies.

The Risk of Cross Site Request Forgery

In this lesson Troy opens up in a new tab. Alarmingly, our awesomeplaces site has now changed, and we have been logged out. This is despite awesomeplaces being in a different tab.

We see that is owned by Troy Hunt, and he crafted it to call our API via a hidden image. This is a CSRF attack, and just a very basic one. Make sure your apps are not vulnerable to these problems.
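As an added illustration of the defensive side of this lesson (this is not code from the course or from the awesomeplaces sample), the snippet below is a minimal server-side CSRF guard: state-changing endpoints must never be reachable through a plain GET, which is exactly what a hidden image issues, and non-GET requests must carry a same-site Origin or Referer. The SITE_ORIGIN value, the /api/logout and /api/places paths and the sample requests are assumptions constructed for the example.

```javascript
// Added example: a server-side CSRF guard for an API like the one in the
// lesson. SITE_ORIGIN and the endpoint paths are assumed for illustration.
const SITE_ORIGIN = 'https://awesomeplaces.example';

// Methods a browser will send for an <img>, a link or a top-level navigation.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Endpoints that change state and must therefore refuse "safe" methods;
// a logout reachable via GET is what the hidden image in the lesson abused.
const GET_FORBIDDEN = new Set(['/api/logout']);

// Browsers attach Origin on cross-site non-GET requests; an <img> fetch
// usually carries only Referer, so fall back to it. Returns null if neither
// header is present or parseable.
function originOf(req) {
  const src = req.headers.origin || req.headers.referer;
  if (!src) return null;
  try { return new URL(src).origin; } catch (e) { return null; }
}

// Decide whether a parsed request { method, path, headers } may proceed.
// Returns { allowed, reason } so a middleware can log the reason on denial.
function csrfGuard(req) {
  const path = req.path.split('?')[0];
  if (SAFE_METHODS.has(req.method)) {
    if (GET_FORBIDDEN.has(path)) return { allowed: false, reason: 'state change over GET' };
    return { allowed: true, reason: 'read-only request' };
  }
  const origin = originOf(req);
  if (origin !== SITE_ORIGIN) {
    return { allowed: false, reason: 'cross-site origin ' + origin };
  }
  return { allowed: true, reason: 'same-origin state change' };
}

// Constructed sample requests.
// 1. What the attacker page's hidden image produces: the browser attaches the
//    session cookie automatically, but the method is GET and Referer is foreign.
const hiddenImageRequest = {
  method: 'GET',
  path: '/api/logout',
  headers: { cookie: 'session=abc123', referer: 'https://attacker.example/page.html' },
};
// 2. The legitimate Angular app logging out with $http.post from the site itself.
const legitimateLogout = {
  method: 'POST',
  path: '/api/logout',
  headers: { cookie: 'session=abc123', origin: 'https://awesomeplaces.example' },
};
```

Origin and method checks are a first layer only; a per-request anti-forgery token is the standard second layer, since Referer can be suppressed by the user agent.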

Continue to the final part – Security constructs within AngularJS
