Security Code
1. Preventing cross-site scripting (XSS)
Injecting scripts into DOM elements is a very common way to damage a website or steal its data, such as:
1. Authentication details
2. Credentials
3. Payment data
4. Social Security numbers
5. Web tokens
2. HTTP-related Vulnerabilities
Cross-site request forgery (CSRF) and cross-site script inclusion (XSSI) are the most common HTTP-level vulnerabilities that can affect any Angular application, though Angular ships built-in helpers that address them from the client side.
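The two client-side helpers mentioned above work in a specific way: Angular's HttpClient copies the XSRF-TOKEN cookie into an X-XSRF-TOKEN header on state-changing, same-origin requests, and it strips the ")]}',\n" prefix that servers prepend to JSON to defeat script inclusion. The following is an added model of that behaviour, not Angular's own code; the cookie and header names are Angular's defaults, and the xsrfTokenMatches function is a constructed example of the server-side half of the check, which Angular does not provide.

```typescript
// Added illustration of Angular HttpClient's CSRF and XSSI defences.
// Not Angular's implementation: a small model of the rules it applies.
const XSRF_COOKIE = 'XSRF-TOKEN';     // Angular's default cookie name
const XSRF_HEADER = 'X-XSRF-TOKEN';   // Angular's default header name
const XSSI_PREFIX = /^\)\]\}',?\n/;   // prefix HttpClient strips from JSON bodies

// Minimal request shape for this model (hypothetical, not Angular's HttpRequest).
interface HttpReq {
  method: string;
  url: string;
  headers: Record<string, string>;
}

// Pull one cookie value out of a document.cookie-style string.
function readCookie(cookieHeader: string, name: string): string | null {
  for (const part of cookieHeader.split(';')) {
    const [k, ...rest] = part.trim().split('=');
    if (k === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// Interceptor rule: attach the token only to non-GET/HEAD requests with a
// relative URL, so the token is never sent to a third-party origin.
function withXsrfHeader(req: HttpReq, cookieHeader: string): HttpReq {
  const method = req.method.toUpperCase();
  const absolute = /^https?:\/\//i.test(req.url);
  if (method === 'GET' || method === 'HEAD' || absolute) return req;
  const token = readCookie(cookieHeader, XSRF_COOKIE);
  if (token === null || XSRF_HEADER in req.headers) return req;
  return { ...req, headers: { ...req.headers, [XSRF_HEADER]: token } };
}

// XSSI defence: a JSON body guarded by ")]}',\n" is a syntax error when a
// hostile page loads it via <script src>, so it cannot be read cross-site.
// The legitimate client strips the prefix before parsing.
function parseGuardedJson(body: string): unknown {
  return JSON.parse(body.replace(XSSI_PREFIX, ''));
}

// Constructed server-side check completing the double-submit pattern:
// the header must equal the cookie, which a cross-origin page cannot read.
function xsrfTokenMatches(cookieHeader: string, headers: Record<string, string>): boolean {
  const cookie = readCookie(cookieHeader, XSRF_COOKIE);
  const header = headers[XSRF_HEADER];
  return cookie !== null && header !== undefined && cookie === header;
}
```

The client-side half is only useful if the server sets XSRF-TOKEN as a readable (non-HttpOnly) cookie with an unguessable value and rejects requests whose header does not match, which is the part xsrfTokenMatches models.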
Angular’s cross-site scripting security model
Sanitization and security contexts
Angular defines the following security contexts:
HTML is used when interpreting a value as HTML, for example, when binding to innerHtml.
Style is used when binding CSS into the style property.
URL is used for URL properties, such as <a href>.
Resource URL is a URL that is loaded and executed as code, for example, in <script src>.
Direct use of the DOM APIs and explicit sanitization calls
Trusting safe values
To mark a value as trusted, inject DomSanitizer and call one of the following methods:
bypassSecurityTrustHtml
bypassSecurityTrustScript
bypassSecurityTrustStyle
bypassSecurityTrustUrl
bypassSecurityTrustResourceUrl
In practice, wrap these calls in a small service (for example, one dedicated to bypassing URL sanitization) rather than calling them from many components.
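To make the contexts and the trust-bypass concrete, here is an added, deliberately small model of how a context-aware sanitizer decides what to do with a value. It is not Angular's DomSanitizer (the real one uses a full HTML tokenizer and allow-lists); the SecurityContext enum, SafeValue class and sanitize function are illustrative names chosen here. Two behaviours are taken from Angular itself: rejected URLs are neutralised with an "unsafe:" prefix, and resource URLs are never sanitized, only explicitly trusted.

```typescript
// Added model of context-aware sanitization. Illustrative, not Angular's code.
enum SecurityContext { NONE, HTML, STYLE, URL, RESOURCE_URL }

// Records a value a developer explicitly marked as trusted for one context
// (the model's equivalent of the bypassSecurityTrust*() return values).
class SafeValue {
  constructor(public readonly context: SecurityContext, public readonly value: string) {}
}

// Model of bypassSecurityTrustHtml / ...Url / ...ResourceUrl: no checks at all,
// the caller takes responsibility for the value being safe.
function bypassSecurityTrust(context: SecurityContext, value: string): SafeValue {
  return new SafeValue(context, value);
}

// Toy HTML sanitizer: drops <script> blocks and inline on*="..." handlers.
function sanitizeHtml(html: string): string {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, '')
    .replace(/\s+on\w+\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi, '');
}

// URL sanitizer: allow a short list of schemes or a scheme-less path; anything
// else (javascript:, data:, ...) gets the "unsafe:" prefix, as Angular does.
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;
function sanitizeUrl(url: string): string {
  const trimmed = url.trim();
  return SAFE_URL.test(trimmed) ? trimmed : 'unsafe:' + trimmed;
}

// The binding-time decision: trusted values pass through only in the context
// they were trusted for; plain strings are sanitized for the target context.
function sanitize(context: SecurityContext, value: string | SafeValue): string {
  if (value instanceof SafeValue) {
    if (value.context !== context) {
      throw new Error(`value trusted for ${SecurityContext[value.context]} used in ${SecurityContext[context]} context`);
    }
    return value.value;
  }
  switch (context) {
    case SecurityContext.NONE:
      return value;
    case SecurityContext.HTML:
      return sanitizeHtml(value);
    case SecurityContext.STYLE:
      return value; // style sanitization is omitted in this model
    case SecurityContext.URL:
      return sanitizeUrl(value);
    case SecurityContext.RESOURCE_URL:
      throw new Error('resource URLs are never sanitized; mark the value trusted explicitly');
    default:
      throw new Error('unknown security context');
  }
}
```

Angular's template bindings ([innerHTML], [href], [src]) route values through a check of this kind, whereas writing to ElementRef.nativeElement.innerHTML directly skips it entirely, which is why the advice to avoid native DOM APIs matters as much as the sanitizer itself.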
Server-side XSS protection
Avoid risky Angular APIs
The “Angular way” safeguards you from XSS
1. Use innerHTML with caution
2. Never use templates generated by concatenating user input
3. Never use native DOM APIs to interact with HTML elements
4. Avoid template engines on server-side templates
5. Scan your Angular project for components which introduce security vulnerabilities
SSR
1. Facilitate web crawlers through search engine optimization (SEO)
2. Improve performance on mobile and low-powered devices
3. Show the first page quickly with a first contentful paint (FCP)
Data breaches Security
1. PASSWORD ATTACK
2. PHISHING AND SPEAR PHISHING
3. EAVESDROP ATTACK
4. CROSS-SITE SCRIPTING ATTACK