Questions tagged [angularjs]

AngularJS is a JavaScript framework for developing the client side of single page web applications. Use this tag for all versions of the framework.

0 votes
1 answer
760 views

I am trying to implement a CSP policy for our Angular 18 application based on Angular's CSP recommendation and I have found that their recommendation does not make sense to me. Specifically their use ...
java-addict301

1 vote
1 answer
84 views

I would like to run nikto (a web server scanner) on an Angular application running on localhost with Express. But nikto does not find the Angular application: $ nikto -host localhost -p 4500 -nossl - ...
Ortomala Lokni

2 votes
1 answer
2k views

I have a bunch of REST APIs which would be consumed by frontend applications created by customers using our product. I have suggested to only use the last 2 versions of Chrome for running frontend apps. ...
user120947

2 votes
0 answers
177 views

Introduction: We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we've identified two primary XSS prevention strategies: Interpolation ({{ }}) ...
VJSpeter

0 votes
0 answers
252 views

We are running Qualys security tests on our Angular webapp, and we are getting one issue. Whatever images we are loading in the screens, we are getting a "Path-Based Vulnerability" issue for ...
Salil Bansal

0 votes
1 answer
286 views

The application in question offers the option to create arbitrary C# code and execute it at any time. These could be considered macros to customize certain tasks. Say that a normal user, who would ...
drazse • 3

3 votes
2 answers
5k views

I'm testing an Angular application which uses Cookie-to-header token CSRF protection. According to the Angular documentation https://angular.io/guide/http#security-xsrf-protection: When performing HTTP ...
user187205 • 1,363

0 votes
2 answers
3k views

I have an Angular application where CSRF protection is implemented using a Cookie-to-header token. It is the default AngularJS mechanism to counter CSRF, which uses cookie XSRF-TOKEN and header X-XSRF-...
user187205 • 1,363

2 votes
1 answer
3k views

The app is divided into two parts: the frontend, written with the Angular framework, and the backend, simple PHP files which handle the login, API calls, etc. My current flow is the following: User ...
NeebletWorm

4 votes
1 answer
567 views

I'm trying to look for some way to mitigate an insecure deserialization vulnerability for the application front-end. Then I found this link https://blog.jscrambler.com/exploring-the-owasp-top-10-by-...

2 votes
1 answer
389 views

As part of a bounty bug, I discovered a Client Side Template Injection (CSTI). I would like to create a more "impressive" payload to increase the risk of the vulnerability. The framework ...
Anonymous • 284

1 vote
0 answers
460 views

This question is about how to secure API keys. Not sure if this is in the same category as Key management for Cryptography and should follow the same rules. See details below. We currently have hybrid ...
Xmus Jackson Flaxon Waxon

0 votes
0 answers
936 views

I'm trying to evade the HTML sanitizer in a field I found more vulnerable in my application to test some XSS injection. The field that I'm trying to exploit is a dropdown with the following code. The ...
davis • 101

3 votes
1 answer
5k views

I am building a web app, which is made of a Node.js Backend and Angular (NOT AngularJS!!! I only used the tag, because Angular was not available..) Frontend. How do I properly secure this app? I ...
Munchkin • 264

0 votes
1 answer
283 views

I am learning to design a system where it can be guarded against XSS & CSRF attacks. I'll quickly list down my understanding and then raise questions. It's a simple case of fraud that I am trying ...
Always a newComer
