The purpose of the masterclass was to explore the security threats facing Angular applications: the paradigm shift from server-side to client-side applications and its impact on security, script-based threats, and the defenses Angular offers to prevent or minimize these attacks.
The room was full and extra chairs were needed, which shows that web security is a real concern for startups and scaleups. However, despite this awareness, Philippe De Ryck highlighted the importance of continuous work:
“Awareness is step one, but managing security risks in your applications is a long-term process, and that’s where it becomes hard. Especially in a startup, with a hundred other things to do, it is tempting to neglect security. That’s why I always advise people to take security into account from the early stages, and have it evolve with your product. It seems like a lot of effort at first, but it will give you a competitive advantage in the end.”
About the threats that can affect Angular applications, Philippe provided great insights:
Compared with other software, Angular offers extra value in terms of security: its architecture provides several security features out of the box. For example, Angular automatically encodes or sanitizes output, which mitigates an enormous number of potential cross-site scripting (XSS) attack vectors. Angular also supports cross-site request forgery (CSRF) defenses out of the box, but you still need to enable them on your backend as well. Philippe left us a final tip to increase the security of your apps:
About the guest:
Philippe De Ryck is a professional speaker and trainer on software security and web security. Since he obtained his PhD at the imec-DistriNet research group (KU Leuven, Belgium), he has been running the group’s Web Security Training program, which ensures a sustainable knowledge transfer of the group’s security expertise towards practitioners.