In this section, you will learn about some of the common web application security vulnerabilities, as specified by the Open Web Application Security Project (OWASP) standards (https://www.owasp.org/), against which web applications need to be protected. Angular comes with built-in support for protecting apps against the following security vulnerabilities:
- Cross-Site Scripting (XSS)
- Cross-Site Script Inclusion (XSSI)
- Cross-Site Request Forgery (CSRF)
Cross-Site Scripting (XSS) is one of the most common security vulnerabilities found in web applications. In an XSS attack, attackers inject data or malicious code, such as HTML/JavaScript, into web pages by sending untrusted data to the server. When the attacker-injected data is not handled properly using one or more mechanisms such as content (HTML/JavaScript) escaping, it can lead to some of the following outcomes, all of which can be called XSS attacks:
- Deface...