angularjs – Page 2 – WindowsTechs.com

How is End to End encryption works in frontend and backend Web application

Posted on June 16, 2022 by FariZ

We have a web application in which Frontend and Backend are separated.
The frontend is an Angular app and the Backend is a Python app that proxy to Home Device (Behind Home Router)
My question is how to implement end-to-end encryption betw… Continue reading How is End to End encryption works in frontend and backend Web application→

Cookie-to-header token CSRF protection – is it necessary to verify cookie value?

Posted on April 7, 2022 by user187205

I’m testing Angular application which uses Cookie-to-header token CSRF protection. According to Angular documentation https://angular.io/guide/http#security-xsrf-protection:

When performing HTTP requests, an interceptor reads a token from… Continue reading Cookie-to-header token CSRF protection – is it necessary to verify cookie value?→

setAttributeNS XSS Vulnerability

Posted on March 9, 2022 by Arturo Martinez

Im fixing some security issues that AppScan found on my Angular Application, one of them is the insecure use of "setAttributeNS()"
I use this method in my application to inject some namespaces in the correct htmlElemnt
I have rea… Continue reading setAttributeNS XSS Vulnerability→

client-server data sharing is not encrypted in https [duplicate]

Posted on September 21, 2021 by karan vyas

I am using https for my website. i am not getting clear idea about how https internally works and how it makes our website more secure.
if the headers or data is encrypted as mentioned here SO then it can be allow for decode or not.
My Qu… Continue reading client-server data sharing is not encrypted in https [duplicate]→

Cookie-to-header token CSRF protection

Posted on September 7, 2021 by user187205

I have the Angular application where CSRF protection is implemented using Cookie-to-header token. It is default AngularJS mechanism to counter CSRF, which uses cookie XSRF-TOKEN and header X-XSRF-TOKEN. Only JavaScript that runs on my doma… Continue reading Cookie-to-header token CSRF protection→

Am I handling JWT token correctly?

Posted on August 25, 2021 by NeebletWorm

The app is divided into two parts, the fronted – written with the Angular framework and the backend, simple PHP files which handle the login, API calls, etc.
My current flow is the following:

User creates an account/login. Credentials are… Continue reading Am I handling JWT token correctly?→

Mitigation for Insecure Deserialization

Posted on July 22, 2021 by aj go

I’m trying to look for some way for mitigation of insecure deserialization vulnerability for the application front-end
Then I found this link
https://blog.jscrambler.com/exploring-the-owasp-top-10-by-exploiting-vulnerable-node-applications… Continue reading Mitigation for Insecure Deserialization→

is XSS possible on modern versions of angular

Posted on May 8, 2021 by seraj sherif

I wondering if XSS is still possible with modern version of angular I that the older version have some sandbox bypass but what of the newer versions.

Continue reading is XSS possible on modern versions of angular→

AngularJS login view send data in the url

Posted on May 5, 2021 by Maicake

Is the default behaviour that all the views are accessible from public? like example.com/angular-app/views/login.html?
Also if I compile the form at /views/login.html and send it the browser send a GET request like example.com/angular-app/… Continue reading AngularJS login view send data in the url→

Should a static Single Page Application expose CORS?

Posted on April 26, 2021 by usr-local-ΕΨΗΕΛΩΝ

I am questioning myself whether is it meaningful or not for a Single Page Application (e.g. Angular) to expose CORS headers or not.
Motivation: I am learning OWASP ZAP and it found that my Angular app exposes no CORS header.
Question
As th… Continue reading Should a static Single Page Application expose CORS?→