Collaborate Disseminate
I am really trying hard to exploit a Client Side Template Injection vulnerability in a webapp I am currently pentesting. Im so close to getting the payload to be executed, but I am stuck at the last little part^^. Would be great if you cou… Continue reading Angular Expression/XSS-Payload without Quotes or "$"
This question is about how to secure API keys. Not sure if this is in the same category as Key management for Cryptography and should follow the same rules. See details below.
We currently have hybrid Mobile Apps. The apps are made using A… Continue reading Securing API keys for accessing Google APIs via Front End (UI)
I am building a web app, which is made of a Node.js Backend and Angular (NOT AngularJS!!! I only used the tag, because Angular was not available..) Frontend.
How do I properly secure this app? I already have an idea to use JWT tokens (I al… Continue reading How to properly invalidate JWT tokens and sessions in this use case?
I have implemented a StatelessFilter which checks the CSRF token in the Cookie and in the headers.
package com.leadwinner.sms.config.filters;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
im… Continue reading Spring Security Stateless CSRF implementation in Logout
Can someone tell me how to test a web application with angular js with Burp suite?
Continue reading How to performance test an AngularJS Web Application? [on hold]
I’m testing web-app where i can not use strings or eval word(blocked by waf), they are running on AngularJS 1.6.6
I have seen this payload which fits my needs for version 1.4.0 but not does not work for 1.6.6
{{toString(… Continue reading AngularJS 1.6.6 no eval / strings XSS
In my angular app, initially, I used bypassSecurityTrustStyle(value: string) and it worked but in security testing of my application, it gave error Angular Usage of Unsafe DOM Sanitizer.
In this blog, it’s beautifully expla… Continue reading Angular application security error: Sanitizing unsafe style value
I am learning to design a system where it can be guarded against XSS & CSRF attack. I’ll quickly list down my understanding and then raise questions. It’s a simple case of fraud that I am trying to avoid. Steps mentioned below are exe… Continue reading Application design to avoid XSS & CSRF attacks
Is there any way to secure the endpoints from frontend?
I have an API written in NodeJs and I have a frontend website written in AngularJS and app in ionic. I had jwt token from the backend to authenticate but the client doe… Continue reading How do I protect my BE endpoints from FE?
Basically, I have a situation right now where the registration website allow to register via email address and then redirects me to another website (subdomain) of the original website. The subdomain website is using angular j… Continue reading Angular JS alternative xss payload?