| Сообщения без ответов | Активные темы |
Текущее время: 2024-11-22 18:29 |
|
Часовой пояс: UTC + 3 часа |
|
Страница 1 из 1 |
[ 1 сообщение ] |
| Пред. тема | След. тема |
[Pluralsight.com] AngularJS Security Fundamentals [2015, ENG]
| Автор | Сообщение | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Постоянный 
Раздал: 1.19 ТБ
Скачал: 949.67 ГБ Ратио: 1.278 Зарегистрирован: 2014-10-13 17:53 Сообщения: 2494 
|
AngularJS Security Fundamentals
#777 Год выпуска: 2015 Производитель: Pluralsight Сайт производителя: pluralsight.com Автор: Troy Hunt Продолжительность: 2:27 Тип раздаваемого материала: Видеоклипы Язык: Английский Описание: Client side frameworks such as AngularJS have become enormously popular due to their ability to streamline the development process and make more responsive web applications by moving workload from the server to the browser. With the popularity and enthusiasm around these frameworks also comes confusion about their security profiles and associated risks. Often, when developers build client apps with server back ends they approach the application as though they control the entire ecosystem. Assumptions are often made that the client they built will only ever talk to the server side APIs they built in the way they designed them. This view often overlooks the risk of an attacker circumventing the client controls and executing calls directly against the server side A9PI outside the intended scope of the application. Much of this course is about helping developers understand where the security boundaries of client side frameworks begin and end. It does this by demonstrating common implementation patterns using Angular and illustrating where security weaknesses may be introduced. It also highlights specific defenses implemented by Angular, and demonstrates the mechanics of how they work, and how they may be misconfigured to introduce risks. Содержание Introduction Overview Why Angular Security? Who This Course Is For About the Course Introducing the Insecure AngularJS App Summary Understanding Client Framework Security Boundaries Overview The Composition of AngularJS Overview of the Web Stack Typical Security Risks in the Stack Defending the Stack Always Assume the Client Is Compromised Circumventing the Client Summary Working with Security Controls on the Server Overview Understanding Page Lifecycles Authentication and Identity Persistence Cookies Versus Tokens Sending the Bearer Token Persisting the Bearer Token When the DOM Is Unloaded Exploiting Insufficient Authorization The Risk Behind Client Side Security Trimming Securing Templates Versus Securing Services Summary Common Security Flaws on the Client Side Overview Understanding DOM Versus HTML Source Security Assumptions and the Risk of "View Source" Excessive Model Attributes in API Responses Understanding Output Encoding in Client Libraries HTTP Only and Secure Cookies The Risk of Cross Site Request Forgery Summary Security Constructs Within AngularJS Overview Protecting Against Cross Site Request Forgery Using the ngSanitize Module Working with Unsanitized HTML The Danger of Server Side Templates Rendering User Input Summary Файлы примеров: присутствуют Формат видео: MP4 Видео: AVC, 1024x768, 4:3, 15fps, 184kbps Аудио: AAC, 48kHz, 192kbps, stereo Скриншоты |
|||||||||||||||||||
| 2015-09-17 02:02 |
|
|||||||||||||||||||
| ||||||||||||||||||||
|
|
Страница 1 из 1 |
[ 1 сообщение ] |
|
Часовой пояс: UTC + 3 часа |
Кто сейчас на конференции |
Сейчас этот форум просматривают: нет зарегистрированных пользователей и гости: 10 |
| Вы не можете начинать темы Вы не можете отвечать на сообщения Вы не можете редактировать свои сообщения Вы не можете удалять свои сообщения Вы не можете добавлять вложения |
