Questions tagged [angularjs]

AngularJS is a JavaScript framework for developing the client side of single page web applications. Use this tag for all versions of the framework.

0 votes
1 answer
760 views

I am trying to implement a CSP policy for our Angular 18 application based on Angular's CSP recommendation and I have found that their recommendation does not make sense to me. Specifically their use ...
java-addict301
135 votes
4 answers
135k views

Context: Angular site is hosted on S3 behind CloudFront, separate from Express server that is used as API and almost all requests are XMLHttpRequests. All requests are sent without cookies (...
Igor Pomogai • 1,453
1 vote
1 answer
84 views

I would like to run nikto (a web server scanner) on an Angular application running on localhost with Express. But nikto does not find the Angular application: $ nikto -host localhost -p 4500 -nossl - ...
Ortomala Lokni
2 votes
1 answer
2k views

I have a bunch of REST APIs which would be consumed by frontend applications created by customers using our product. I have suggested to only use last 2 versions of Chrome for running frontend apps. ...
user120947
4 votes
8 answers
12k views

I've recently discovered that if you use inspect element to see the source code of the HTML, you can change this <input type="password"/> to <input type="text"/> then you can see the ...
codebear22
2 votes
0 answers
177 views

Introduction: We heavily use external libraries, such as DataTables, in combination with interpolation. In Angular, we've identified two primary XSS prevention strategies: Interpolation ({{ }}) ...
VJSpeter
0 votes
0 answers
252 views

We are running Qualys security tests on our angular webapp, and we are getting one issue. Whatever images we are loading in the screens, we are getting "Path-Based Vulnerability" issue for ...
Salil Bansal
3 votes
2 answers
5k views

I'm testing Angular application which uses Cookie-to-header token CSRF protection. According to Angular documentation https://angular.io/guide/http#security-xsrf-protection: When performing HTTP ...
user187205 • 1,363
0 votes
1 answer
286 views

The application in question offers the option to create arbitrary C# code and execute it at any time. These could be considered macros to customize certain tasks. Say that a normal user, who would ...
drazse • 3
0 votes
2 answers
3k views

I have the Angular application where CSRF protection is implemented using Cookie-to-header token. It is default AngularJS mechanism to counter CSRF, which uses cookie XSRF-TOKEN and header X-XSRF-...
user187205 • 1,363
2 votes
1 answer
3k views

The app is divided into two parts, the frontend - written with the Angular framework and the backend, simple PHP files which handle the login, API calls, etc. My current flow is the following: User ...
NeebletWorm
3 votes
1 answer
5k views

I am building a web app, which is made of a Node.js Backend and Angular (NOT AngularJS!!! I only used the tag, because Angular was not available..) Frontend. How do I properly secure this app? I ...
Munchkin • 264
4 votes
1 answer
567 views

I'm trying to look for some way for mitigation of insecure deserialization vulnerability for the application front-end. Then I found this link https://blog.jscrambler.com/exploring-the-owasp-top-10-by-...
13 votes
2 answers
17k views

I am trying to Pentest an application which is built in AngularJS. The difficulties that I am facing: Burp Suite's "spider this host" option is not able to crawl all the URLs as most of the requests ...
Jassi • 431
2 votes
1 answer
389 views

As part of a bounty bug, I discovered a Client Side Template Injection (CSTI). I would like to create more "impressive" payload to increase the risk of the vulnerability. The framework ...
Anonymous • 284