Book Image

Building Web Apps with Spring 5 and Angular

By : Ajitesh Kumar Shukla
Book Image

Building Web Apps with Spring 5 and Angular

By: Ajitesh Kumar Shukla

Overview of this book

Spring is the most popular application development framework being adopted by millions of developers around the world to create high performing, easily testable, reusable code. Its lightweight nature and extensibility helps you write robust and highly-scalable server-side web applications. Coupled with the power and efficiency of Angular, creating web applications has never been easier. If you want build end-to-end modern web application using Spring and Angular, then this book is for you. The book directly heads to show you how to create the backend with Spring, showing you how to configure the Spring MVC and handle Web requests. It will take you through the key aspects such as building REST API endpoints, using Hibernate, working with Junit 5 etc. Once you have secured and tested the backend, we will go ahead and start working on the front end with Angular. You will learn about fundamentals of Angular and Typescript and create an SPA using components, routing etc. Finally, you will see how to integrate both the applications with REST protocol and deploy the application using tools such as Jenkins and Docker.
Table of Contents (18 chapters)
Title Page
Credits
About the Author
About the Reviewer
www.PacktPub.com
Customer Feedback
Preface

Securing app from CSRF/XSRF


In order to provide protection against CSRF attacks, the following techniques are recommended by OWASP:

  • The application needs to make sure that the request is generated from the real application, and not from another website. In order to achieve this, it needs to be verified that origin or referer header consists of a hostname matching the target origin hosting the real application. If both origin and referrer header is missing in HTTP request headers, it is recommended that requests are blocked. This technique is very effective, as all browsers implement the same origin policy.
  • Another mechanism is to verify the correctness and validity of what is termed as the CSRF or XSRF token. A challenge random token is generated by the server and associated with the current user session by sending the token as a part of response header or, making it as a hidden parameter of one or more generated forms. This token is, then, sent with every subsequent sensitive operations or...