[Pluralsight.com] AngularJS Security Fundamentals [2015, ENG] :: Ивановский Торрент трекер
Важное объявление!
У Нас Все раздачи мультитрекерные, при нуле пиров в релизах, можете смело вставать на закачку!
Статистика раздачи
Размер:     |    Зарегистрирован:     |    Скачан:     |   
Автор Сообщение


4 года 11 месяцев

Репутация: 101

[+] [-]
Вне форума [Профиль] [ЛС]

AngularJS Security Fundamentals
Год выпуска: 2015
Производитель: Pluralsight
Сайт производителя: pluralsight.com
Автор: Troy Hunt
Продолжительность: 2:27
Тип раздаваемого материала: Видеоклипы
Язык: Английский
Описание: Client side frameworks such as AngularJS have become enormously popular due to their ability to streamline the development process and make more responsive web applications by moving workload from the server to the browser. With the popularity and enthusiasm around these frameworks also comes confusion about their security profiles and associated risks. Often, when developers build client apps with server back ends they approach the application as though they control the entire ecosystem. Assumptions are often made that the client they built will only ever talk to the server side APIs they built in the way they designed them. This view often overlooks the risk of an attacker circumventing the client controls and executing calls directly against the server side A9PI outside the intended scope of the application. Much of this course is about helping developers understand where the security boundaries of client side frameworks begin and end. It does this by demonstrating common implementation patterns using Angular and illustrating where security weaknesses may be introduced. It also highlights specific defenses implemented by Angular, and demonstrates the mechanics of how they work, and how they may be misconfigured to introduce risks.


Why Angular Security?
Who This Course Is For
About the Course
Introducing the Insecure AngularJS App
Understanding Client Framework Security Boundaries
The Composition of AngularJS
Overview of the Web Stack
Typical Security Risks in the Stack
Defending the Stack
Always Assume the Client Is Compromised
Circumventing the Client
Working with Security Controls on the Server
Understanding Page Lifecycles
Authentication and Identity Persistence
Cookies Versus Tokens
Sending the Bearer Token
Persisting the Bearer Token When the DOM Is Unloaded
Exploiting Insufficient Authorization
The Risk Behind Client Side Security Trimming
Securing Templates Versus Securing Services
Common Security Flaws on the Client Side
Understanding DOM Versus HTML Source
Security Assumptions and the Risk of "View Source"
Excessive Model Attributes in API Responses
Understanding Output Encoding in Client Libraries
HTTP Only and Secure Cookies
The Risk of Cross Site Request Forgery
Security Constructs Within AngularJS
Protecting Against Cross Site Request Forgery
Using the ngSanitize Module
Working with Unsanitized HTML
The Danger of Server Side Templates Rendering User Input
Файлы примеров: присутствуют
Формат видео: MP4
Видео: AVC, 1024x768, 4:3, 15fps, 184kbps
Аудио: AAC, 48kHz, 192kbps, stereo


Показать сообщения:    

Текущее время: Сегодня 21:14

Часовой пояс: GMT

Вы не можете начинать темы
Вы не можете отвечать на сообщения
Вы не можете редактировать свои сообщения
Вы не можете удалять свои сообщения
Вы не можете голосовать в опросах
Вы не можете прикреплять файлы к сообщениям
Вы не можете скачивать файлы