Best Practices Security of codes, Breaches Attack | SSR | Angular

 Security Code

1. Preventing cross-site scripting (XSS)

Injecting scripts into DOM elements is a very common way to damage a website or steal its data, such as:


1. Authentication details

2. Credentials

3. Payment data

4. Social Security numbers

5. Web tokens

2. HTTP-related Vulnerabilities

Cross-site request forgery (CSRF) and cross-site script inclusion are the most common HTTP vulnerabilities that can affect any Angular application, though Angular has built-in helpers that help prevent them on the client side.

Angular’s cross-site scripting security model

Sanitization and security contexts

Angular defines the following security contexts:


HTML is used when interpreting a value as HTML, for example, when binding to innerHtml.

Style is used when binding CSS into the style property.

URL is used for URL properties, such as <a href>.

Resource URL is a URL that is loaded and executed as code, for example, in <script src>.

Direct use of the DOM APIs and explicit sanitization calls

Trusting safe values

We need to make a service for BypassUrl.

To mark a value as trusted, inject DomSanitizer and call one of the following methods:

bypassSecurityTrustHtml

bypassSecurityTrustScript

bypassSecurityTrustStyle

bypassSecurityTrustUrl

bypassSecurityTrustResourceUrl
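
One way to build the BypassUrl service mentioned above, shown as an added example rather than code from the original post: it vets a URL against an allow-list before calling bypassSecurityTrustResourceUrl, so the bypass is never applied to arbitrary input. The names ResourceUrlTruster, ALLOWED_ORIGINS, vetResourceUrl and trustedEmbed, and the example.com origins, are assumptions; in an Angular app the injected DomSanitizer takes the place of the local interface.

```typescript
// Stand-in for the one DomSanitizer method this service needs (assumption:
// declared locally so the block runs without Angular installed).
interface ResourceUrlTruster {
  bypassSecurityTrustResourceUrl(value: string): unknown;
}

// Hypothetical allow-list: the only origins this app is permitted to embed.
const ALLOWED_ORIGINS: ReadonlySet<string> = new Set([
  "https://media.example.com",
  "https://video.example.org",
]);

// Returns the normalized URL when it is safe to trust, otherwise null.
function vetResourceUrl(raw: string): string | null {
  let url: URL;
  try {
    url = new URL(raw); // rejects relative and malformed input
  } catch {
    return null;
  }
  if (url.protocol !== "https:") return null; // no http:, javascript:, data:
  if (url.username !== "" || url.password !== "") return null; // user@host tricks
  if (!ALLOWED_ORIGINS.has(url.origin)) return null; // exact origin match only
  return url.href;
}

class BypassUrlService {
  private readonly sanitizer: ResourceUrlTruster;

  constructor(sanitizer: ResourceUrlTruster) {
    this.sanitizer = sanitizer;
  }

  // The only place in the app where the resource-URL bypass is called.
  trustedEmbed(raw: string): unknown {
    const vetted = vetResourceUrl(raw);
    if (vetted === null) {
      throw new Error("Refusing to trust a resource URL outside the allow-list");
    }
    return this.sanitizer.bypassSecurityTrustResourceUrl(vetted);
  }
}
```

Keeping every bypass call behind one service like this also gives a single place to audit when reviewing the project.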

Server-side XSS protection

Avoid risky Angular APIs


The “Angular way” safeguards you from XSS

1. Use innerHTML with caution

2. Never use templates generated by concatenating user input

3. Never use native DOM APIs to interact with HTML elements

4. Avoid template engines on server-side templates

5. Scan your Angular project for components which introduce security vulnerabilities


SSR

1. Facilitate web crawlers through search engine optimization (SEO)

2. Improve performance on mobile and low-powered devices

3. Show the first page quickly with a first-contentful paint (FCP)

Data breaches Security

1. PASSWORD ATTACK

2. PHISHING AND SPEAR PHISHING 

3. EAVESDROP ATTACK

4. CROSS-SITE SCRIPTING ATTACK
