Overview
Explore essential security practices for MEAN stack development in this 40-minute conference talk from AppSec EU 2017. Dive into common vulnerabilities and their prevention, including Query Selector Injection in MongoDB, Middleware Precedence issues in Express, and Expression Injection in Angular. Learn how to properly implement CSRF protection, manage sessions with JWTs, and safeguard sensitive information in local storage. Gain valuable insights on shifting security paradigms from server-side to client-side applications, and discover Angular's built-in security features. Walk away with practical knowledge to effectively secure your Angular applications against script-based threats, CSRF attacks, and other common security pitfalls in the MEAN stack ecosystem.
Syllabus
Preventing 10 Common Security Mistakes in the MEAN Stack
Query Selector Injection MongoDB
Middleware Precedence (Express)
Csurf and GET Requests (Express)
Session Revocation and JWTS (Express)
Expression Injection (Angular)
Local Storage Info Leakage (Angular)
Taught by
OWASP Foundation