SkillSoft Explore Course – Lambers, Inc.

IT Skills Web Development and Graphic Design Scripting JavaScript

AngularJS is designed to facilitate the development of rich, robust, single-page web applications. Being a client-side framework, AngularJS applications are inherently public and reveal much more implementation detail to the end user than traditional web sites. Securing an AngularJS application is a combination of using best practices on the client side to reduce vulnerability, and knowing that the lion share of security comes from making sure our server is locked down. This course covers concepts involved in securing full stack web applications using AngularJS, from Authentication and Authorization strategies, to the built-in security features AngularJS ships with.

Asset ID	sl_anjt_a02_it_enus
Course Type	Video Course
Course Category	Web Development and Graphic Design

Objectives
Authentication start the course describe what are bearer tokens and how to use them for authentication in an AngularJS app receive and store bearer token in the DOM send a bearer token to be used for authenticating requests generated by an AngularJS application use cookies to persist identity through page reloads use HTML5 storage to persist identity through page reloads, and recognize the benefits of this approach as opposed to a cookie-based approach Authorization describe the roles of AngularJS, a client-side framework, and a server in authorizing requests recognize how assuming AngularJS can implement real authorization leaves an application vulnerable to attack Obfuscation recognize what obfuscation means and where it comes into play in a security context use Uglify.js to minify and compress an AngularJS application use tools to reverse the effects of minification of an AngularJS application Potential Application Vulnerabilities recognize what a Cross-Site Scripting or XSS attack may look like and how AngularJS protects against these distinguish between secure and insecure cookies and recognize why an AngularJS application that uses cookies for identity persistence should have this cookie secure recognize what a Cross-Site Request Forgery or CSRF attack looks like and how AngularJS may be vulnerable recognize how implementing Anti-Forgery Tokens can protect against Cross-Site Request Forgery or CSRF attacks AngularJS Built-in Security use ngSanitize in AngularJS to allow whitelisted HTML to be rendered disable string contextual escaping in AngularJS to allow a script to be executable Practice: AngularJS Applications use bearer tokens to authenticate AngularJS requests with the server

Objectives

Authentication

start the course
describe what are bearer tokens and how to use them for authentication in an AngularJS app
receive and store bearer token in the DOM
send a bearer token to be used for authenticating requests generated by an AngularJS application
use cookies to persist identity through page reloads
use HTML5 storage to persist identity through page reloads, and recognize the benefits of this approach as opposed to a cookie-based approach

Authorization

describe the roles of AngularJS, a client-side framework, and a server in authorizing requests
recognize how assuming AngularJS can implement real authorization leaves an application vulnerable to attack

Obfuscation

recognize what obfuscation means and where it comes into play in a security context
use Uglify.js to minify and compress an AngularJS application
use tools to reverse the effects of minification of an AngularJS application

Potential Application Vulnerabilities

recognize what a Cross-Site Scripting or XSS attack may look like and how AngularJS protects against these
distinguish between secure and insecure cookies and recognize why an AngularJS application that uses cookies for identity persistence should have this cookie secure
recognize what a Cross-Site Request Forgery or CSRF attack looks like and how AngularJS may be vulnerable
recognize how implementing Anti-Forgery Tokens can protect against Cross-Site Request Forgery or CSRF attacks

AngularJS Built-in Security

use ngSanitize in AngularJS to allow whitelisted HTML to be rendered
disable string contextual escaping in AngularJS to allow a script to be executable

Practice: AngularJS Applications

use bearer tokens to authenticate AngularJS requests with the server

AngularJS Security Considerations