The cross-site scripting attack doesn’t cover
application-level security and for the applications security will need to implements
authentication and authorization.
As you know -
1. Authentication
- Who is this user?
2. Authorization
- What can this user do?
Best
Practices to Application Level Security -
1. Keep
updated releases of Angular library. Actually, the security team regularly
update the fixes of security and defects in latest versions.
2. Don't
add any custom hack on Angular library. It will create the problem to update
the latest library.
3. You
Must Prevent Trusting safe values
4. You
Must Follow the HTTP level
vulnerabilities
5. You
Must Prevent Cross-site request forgery (CSR Fattacks)
6. You
Must Prevent Cross-site script inclusion (XSSI)
7. You
Must Prevent Security Policy (CSP)
8. Avoid
direct use of the DOM APIs
9. Use
the offline template compiler
10. Try
Server-side XSS protection
Angular
Sanitization and Security Contexts -
1. The
HTML is used when interpreting a value as HTML (for example - when binding to innerHtml).
2. The
CSS Style is used when binding CSS into the style property.
3. URL
is used for URL properties like <a
href="">.
4. Resource
URL is a URL that will be loaded and executed as code, such as <script src="">
References
-
I hope you are enjoying with this post! Please
share with you friends!! Thank you!!!
|
Anil Singh is an author, tech blogger, and software programmer. Book writing, tech blogging is something do extra and Anil love doing it. For more detail, kindly refer to this link..
|
