angularjs – Page 6 – WindowsTechs.com

How secure is Angular?

Posted on February 28, 2017 by Carlos Martins

Very simple question
– Is angular a secure option for enterprise development?
– Is it Angular 2/4 a valid alternative to .net MVC?
– Is there any special security process or recommendation for these environments?

Continue reading How secure is Angular?→

How to get client MAC address using Angular JS? [on hold]

Posted on February 1, 2017 by Sumit patel

I want to find the client MAC address using Angular JS or JavaScript. How can I do that?

Continue reading How to get client MAC address using Angular JS? [on hold]→

CSRF tokens for a JWT-auth system using cookies

Posted on December 28, 2016 by Iain Duncan

I think I have this sorted, but would love to hear if I’m wrong. We have a Python+Angular.js set of apps, which are using JWT tokens for authentication, where the tokens are encrypted using a secret key, the payload identifie… Continue reading CSRF tokens for a JWT-auth system using cookies→

What is best way to pentest an AngularJS web app with a REST backend?

Posted on November 24, 2016 by hofbrau

Traditionall webapps are often pentested by vulnerability scanners like Burp Suite, OWASP ZAP or with the other gazillion tools included in Kali.
But what is the best way to pentest automatically a JavaScript web-app (Angula… Continue reading What is best way to pentest an AngularJS web app with a REST backend?→

What is best way to pentest a JavaScript web-app (AngularJS) with a REST backend?

Posted on November 24, 2016 by hofbrau

Traditionall webapps are often pentested by vuln. scanners like Burp-Suite, OWASP ZAP or with the other gazillion tools included in Kali.
But what is the best way to pentest automatically a JavaScript web-app (AngularJS) wit… Continue reading What is best way to pentest a JavaScript web-app (AngularJS) with a REST backend?→

Is there any point in using ‘strict-dynamic’ in an AngularJS 1.x application?

Posted on September 28, 2016 by Jean Hominal

I do not see the point in using CSP 3’s new strict-dynamic in the case of an AngularJS 1.x application.

As far as I can tell, using strict-dynamic still allows arbitrary Javascript injection via a sandbox escape in a templat… Continue reading Is there any point in using ‘strict-dynamic’ in an AngularJS 1.x application?→

Is there any point in using ‘strict-dynamic’ in an AngularJS 1.x application?

Posted on September 28, 2016 by Jean Hominal

I do not see the point in using CSP 3’s new strict-dynamic in the case of an AngularJS 1.x application.

How to securely access web api from Html5 Website

Posted on July 27, 2016 by Skumar

So the thing is I have created a Asp.Net web api and am using oauth to secure the access.
The problem is that the clients want to make a pure html(angular) website from which they will access the api. So basically they will c… Continue reading How to securely access web api from Html5 Website→

Adapting AngularJS Payloads to Exploit Real World Applications

Posted on April 25, 2016 by Gareth Heyes

Every experienced pentester knows there is a lot more to XSS than alert(1) – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted… Continue reading Adapting AngularJS Payloads to Exploit Real World Applications→

Adapting AngularJS Payloads to Exploit Real World Applications

Posted on April 25, 2016 by Gareth Heyes

Every experienced pentester knows there is a lot more to XSS than <script>alert(1)</script> – filtering, encoding, browser-quirks and WAFs all team up to keep things interesting. AngularJS Template Injection is no different. In this post, we will examine how we adapted template injection payloads to bypass filtering and encoding and exploit Piwik and Uber.

Lower case conversion
Piwik, an Continue reading Adapting AngularJS Payloads to Exploit Real World Applications→