Secure Coding with OWASP in Angular

https://www.pluralsight.com/courses/angular-owasp-secure-coding

by Alisa Duncan

Mod 1: Course Overview

  1. Course Overview

Mod 2: Introduction to Secure Coding

  1. About This Course
  2. Introduction to Secure Coding
  3. OWASP Top Ten
    • short explanation of each item of the OWASP Top Ten
  4. Demo: OWASP Top Ten
  5. Key OWASP Projects

Mod 3: Managing Authentication and Identity
  1. Introduction
  2. Robust Authentication Mechanisms
  3. Identity Providers
    • use the authorization code flow with PKCE for Angular applications
    • you must handle signing out as well
      • handled by most OIDC libraries
  4. Demo: Adding Authentication
    • using the Angular Auth OIDC Client library and Okta
  5. Summary

Mod 4: Managing Sessions
  1. Introduction
  2. Session Considerations
  3. Demo: Session Expiration
  4. Protecting Sessions
  5. XSRF Protection in Angular
    • Angular implements the Double Submit Cookie pattern
      • this defends against CSRF attacks
      • shows how to configure it
  6. Demo: XSRF Protection
    • demo of using CSRF protection with a backend
  7. Summary
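The Double Submit Cookie pattern from item 5, as an added example that is not code from the course or from Angular. It models both halves in plain TypeScript so the logic can be run without a browser or a framework: the client half follows the same rule Angular's XSRF interceptor applies (header only on state-changing methods and only for relative URLs), and the server half is the check a backend has to do. The function names (readCookie, attachXsrfHeader, verifyDoubleSubmit) are this example's own; the cookie and header names are Angular's defaults, which a backend must be configured to match (in Angular they can be changed with HttpClientXsrfModule.withOptions or withXsrfConfiguration).

```typescript
// Added example (not from the course or Angular): a framework-free model of the
// Double Submit Cookie pattern that Angular's HttpClient XSRF support implements.
export const XSRF_COOKIE = 'XSRF-TOKEN';   // Angular's default cookie name
export const XSRF_HEADER = 'X-XSRF-TOKEN'; // Angular's default header name

/** Read one cookie value out of a "k=v; k2=v2" string (document.cookie or a Cookie header). */
export function readCookie(cookieHeader: string, name: string): string | null {
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() === name) return decodeURIComponent(part.slice(eq + 1).trim());
  }
  return null;
}

/**
 * Client side, same rule as Angular's XSRF interceptor: only state-changing methods get
 * the header, and only relative URLs, so the token is never sent to a third-party origin.
 * An Authorization-style header already set by the caller is left alone.
 */
export function attachXsrfHeader(
  method: string,
  url: string,
  cookieHeader: string,
  headers: Record<string, string> = {},
): Record<string, string> {
  const m = method.toUpperCase();
  const absolute = /^https?:\/\//i.test(url);
  if (m === 'GET' || m === 'HEAD' || absolute || XSRF_HEADER in headers) return headers;
  const token = readCookie(cookieHeader, XSRF_COOKIE);
  return token === null ? headers : { ...headers, [XSRF_HEADER]: token };
}

/** Constant-time comparison so a wrong token does not leak how many leading bytes matched. */
function timingSafeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

/**
 * Server side. A cross-site page can make the browser *send* the cookie, but cannot *read*
 * it to copy it into a custom header, so cookie === header shows the request was issued by
 * the application's own JavaScript. Safe methods are exempt because they must not change state.
 */
export function verifyDoubleSubmit(
  method: string,
  cookieHeader: string,
  requestHeaders: Record<string, string>,
): boolean {
  const m = method.toUpperCase();
  if (m === 'GET' || m === 'HEAD' || m === 'OPTIONS') return true;
  const fromCookie = readCookie(cookieHeader, XSRF_COOKIE);
  const fromHeader = requestHeaders[XSRF_HEADER] ?? requestHeaders[XSRF_HEADER.toLowerCase()];
  if (!fromCookie || !fromHeader) return false;
  return timingSafeEqual(fromCookie, fromHeader);
}
```

Two details the pattern depends on: the XSRF cookie must be readable by script (so not HttpOnly), otherwise the client cannot copy it into the header, and the server must issue a fresh, unguessable value per session so that the cookie an attacker's page cannot read is also one they cannot predict.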

Mod 5: Handling Inputs and Outputs
  1. Introduction
  2. Escaping Displayed Values
    • demonstration of how string interpolation guards against XSS
  3. Demo: Escaping Displayed Values
  4. Input Validation
  5. Demos: Custom Validators
  6. Summary

Mod 6: Creating Dynamic Views
  1. Introduction
  2. Sanitizing Displayed Values
    • AOT compilation helps fight XSS
      • it sanitizes template code as it compiles
    • AOT compilation is the default starting in Angular 8
  3. Demo: Property Binding and Safe Markup
    • DOM-based cross-site scripting is handled automatically by Angular
  4. Bypassing Automatic Sanitization
  5. Demo: Bypassing Automatic Sanitization
    • to bypass sanitization, use the DomSanitizer class
  6. Explicit Sanitization
    • you can explicitly sanitize markup (this.sanitizer.sanitize(...)), but you should prefer Angular's built-in sanitization mechanism
  7. Demo: Explicit Sanitization
  8. Summary
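The two defences these modules contrast (escaping from Mod 5 item 2, sanitizing from Mod 6 items 2 and 6), as an added example that is not code from the course or from Angular. escapeHtml models what {{ }} interpolation does: the value becomes text and is never parsed as markup. sanitizeHtml is a small allow-list sanitizer modelled on what Angular applies to [innerHTML] bindings: unknown elements are dropped, script-bearing elements are dropped with their content, only allow-listed attributes survive, and URL attributes must match a safe-scheme pattern. It illustrates the technique rather than reproducing Angular's implementation, which parses the markup with an inert DOM instead of regular expressions; all names and allow-lists here are this example's own.

```typescript
// Added example (not from the course or Angular): escaping versus allow-list sanitization.

/** What {{ }} interpolation effectively does: every markup-significant character is encoded. */
export function escapeHtml(value: string): string {
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Example allow-lists; Angular's own lists are longer but work the same way.
const ALLOWED_TAGS = new Set(['a', 'b', 'i', 'em', 'strong', 'p', 'br', 'ul', 'ol', 'li', 'img']);
const ALLOWED_ATTRS: Record<string, Set<string>> = {
  a: new Set(['href', 'title']),
  img: new Set(['src', 'alt']),
};
const URL_ATTRS = new Set(['href', 'src']);
// Modelled on Angular's SAFE_URL_PATTERN: known-harmless schemes, or a scheme-less URL.
const SAFE_URL = /^(?:(?:https?|mailto|ftp|tel|file|sms):|[^&:/?#]*(?:[/?#]|$))/i;

const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>/g;
const ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
// Elements whose text content is itself executable are removed together with that content.
const DROP_WITH_CONTENT = /<(script|style|iframe|object|embed)\b[\s\S]*?<\/\1\s*>/gi;

/** Text between tags: stray angle brackets are encoded so they cannot start a new tag. */
function escapeText(text: string): string {
  return text.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

/** Keep only allow-listed attributes of an allowed tag; URL attributes must pass SAFE_URL. */
function sanitizeAttrs(tag: string, raw: string): string {
  const allowed = ALLOWED_ATTRS[tag];
  if (!allowed) return '';
  let out = '';
  ATTR_RE.lastIndex = 0;
  let a: RegExpExecArray | null;
  while ((a = ATTR_RE.exec(raw)) !== null) {
    const name = a[1].toLowerCase();
    const value = a[2] ?? a[3] ?? a[4] ?? '';
    if (!allowed.has(name)) continue;                                   // drops on*=, style=, ...
    if (URL_ATTRS.has(name) && !SAFE_URL.test(value.trim())) continue;  // drops javascript:, data:
    out += ` ${name}="${escapeHtml(value)}"`;
  }
  return out;
}

/** Allow-list sanitizer: the result can be bound as markup without executing script. */
export function sanitizeHtml(dirty: string): string {
  const html = dirty.replace(DROP_WITH_CONTENT, '');
  let out = '';
  let last = 0;
  TAG_RE.lastIndex = 0;
  let m: RegExpExecArray | null;
  while ((m = TAG_RE.exec(html)) !== null) {
    out += escapeText(html.slice(last, m.index));
    last = m.index + m[0].length;
    const tag = m[2].toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue; // unknown element: tag removed, its text kept
    out += m[1] ? `</${tag}>` : `<${tag}${sanitizeAttrs(tag, m[3])}>`;
  }
  return out + escapeText(html.slice(last));
}
```

The contrast is the point of the two course modules: escaping is lossless and always safe but displays markup as literal text, while sanitization keeps the markup a view needs and is therefore the operation Angular performs for bindings into HTML, style and URL contexts. The bypassSecurityTrust* methods on DomSanitizer skip this step entirely, which is why the course says to prefer the built-in mechanism.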

Mod 7: Managing Conditional View Elements
  1. Introduction
  2. Structural Directives
    • create a custom structural directive for a more complex use case instead of using ngIf or ngSwitch
  3. Demo: Limit Access to Views
    • shows an example of creating a simple structural directive
  4. Summary

Mod 8: Protecting Routes
  1. Introduction
  2. Route Architecture
  3. Routing and Route Guards
  4. Demo: Route Guards
  5. Summary

Mod 9: Calling APIs
  1. Introduction
  2. Managing Credentials
    • proxy calls that contain API tokens through a server-side proxy if you need to keep the tokens confidential
      • huh? what does this mean?
  3. API Access and Interceptors
  4. Demo: Authorization Header Interceptor
  5. Summary
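The decision an Authorization header interceptor (item 4) has to make, as an added example that is not code from the course or from Angular. It is written as a plain function rather than an Angular HttpInterceptor so it can be unit tested without the framework; the request and token-source shapes (RequestLike, TokenSource), the function name withAuthorization and the API_ORIGINS allow-list with its sample origin are all this example's own. The security-relevant part is the scoping: an interceptor sees every HttpClient request, so it must attach the token only to the application's own API and never to a CDN, an analytics endpoint or a look-alike host. It also bears on item 2: a token the browser holds is never confidential from the user, so a token that must stay secret belongs behind a server-side proxy instead.

```typescript
// Added example (not from the course or Angular): scoped bearer-token attachment, the
// logic an Angular HttpInterceptor would run on each outgoing request.
export const API_ORIGINS = ['https://api.example.com']; // constructed sample allow-list

export interface TokenSource {
  getAccessToken(): string | null;
}

export interface RequestLike {
  url: string;
  headers: Record<string, string>;
}

/**
 * Return a copy of the request with an Authorization header, but only when the request is
 * going to a trusted API origin over HTTPS. Relative URLs are the app's own backend and
 * get the token; absolute URLs to anything else do not, so the token never leaks to a
 * third party. An Authorization header the caller already set is left untouched.
 */
export function withAuthorization(
  req: RequestLike,
  tokens: TokenSource,
  apiOrigins: string[] = API_ORIGINS,
): RequestLike {
  if ('Authorization' in req.headers) return req; // caller chose its own scheme
  const token = tokens.getAccessToken();
  if (!token) return req; // not signed in: send the request anonymously

  let target: URL | null = null;
  try {
    target = new URL(req.url); // throws for relative URLs such as "/api/me"
  } catch {
    target = null;
  }
  if (target !== null) {
    if (target.protocol !== 'https:') return req; // never send a bearer token in clear text
    if (apiOrigins.indexOf(target.origin) < 0) return req; // exact origin match, not a prefix match
  }
  return { ...req, headers: { ...req.headers, Authorization: `Bearer ${token}` } };
}
```

Matching on the parsed origin rather than on a string prefix is deliberate: a prefix test on "https://api.example.com" would also accept "https://api.example.com.evil.example/", while URL parsing yields a different origin for that host.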

Mod 10: Managing Dependencies
  1. Introduction
  2. Vulnerable and Outdated Components
    • use the 'ng update' CLI command to keep Angular up to date
  3. Demo: Running a Dependency Scan
    • check for vulnerabilities using 'npm audit'
    • use 'npm audit --omit=dev' to check only the production dependencies
  4. Software and Data Integrity Failures
    • pin your dependencies
      • use lock files and ensure the semantic versioning range defined for each dependency is narrow
      • use 'npm ci'
  5. Demo: Verify Package Signatures
  6. Summary
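A check for the pinning advice in item 4, as an added example that is not code from the course. It reads a package.json and reports every dependency whose version range is wider than the kinds you allow, so a build step can fail when someone adds a caret range or a wildcard. classifyRange, findLooseRanges and Finding are this example's own names; the package names and versions in the test are constructed. It complements rather than replaces the lock file: 'npm ci' installs exactly what the lock file records and fails if package.json and the lock file disagree, and this check keeps the ranges in package.json narrow so the lock file does not drift far on the next 'npm install'.

```typescript
// Added example (not from the course): classify dependency ranges and flag the loose ones.
export type RangeKind = 'exact' | 'patch' | 'minor' | 'wide';

// A full semver version: MAJOR.MINOR.PATCH with optional pre-release and build metadata.
const EXACT = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

/** How much room a range gives npm to pick a different version at install time. */
export function classifyRange(range: string): RangeKind {
  const r = range.trim();
  if (EXACT.test(r)) return 'exact';
  if (r.charAt(0) === '~' && EXACT.test(r.slice(1))) return 'patch'; // ~1.2.3 allows 1.2.x
  if (r.charAt(0) === '^' && EXACT.test(r.slice(1))) return 'minor'; // ^1.2.3 allows 1.x.y
  return 'wide'; // '*', 'latest', '>=1.0', '1.x', 'a || b', git and tarball URLs, ...
}

export interface Finding {
  section: string;
  name: string;
  range: string;
  kind: RangeKind;
}

const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies'];

/** Return every dependency whose range kind is not in `allow` (default: exact pins only). */
export function findLooseRanges(packageJsonText: string, allow: RangeKind[] = ['exact']): Finding[] {
  const pkg = JSON.parse(packageJsonText) as Record<string, Record<string, string> | undefined>;
  const findings: Finding[] = [];
  for (const section of SECTIONS) {
    const deps = pkg[section];
    if (!deps) continue;
    for (const name of Object.keys(deps)) {
      const kind = classifyRange(deps[name]);
      if (allow.indexOf(kind) < 0) findings.push({ section, name, range: deps[name], kind });
    }
  }
  return findings;
}
```

Pass ['exact', 'patch'] as the allowed kinds if your team accepts tilde ranges; anything returned is a candidate for tightening, and an empty result together with a committed lock file is the state 'npm ci' expects.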
