Securing Angular with Trusted Types
Cross-Site Scripting is game over! We've been hearing this for a while now. Unfortunately, it is still more than relevant in the world of Angular-based frontends. While Angular offers significant protections out of the box, I've witnessed first-hand how even a little room for mistakes can still result in XSS vulnerabilities. No more. In this session, we look at Trusted Types, a platform-based defense that will eradicate XSS vulnerabilities in frontends. We investigate how Trusted Types can stop typical frontend XSS attacks. Additionally, we explore how to enable Trusted Types in Angular to protect your entire application. You will walk away with actionable advice to get started with Trusted Types.
Talk takeaways
Trusted Types (TT) targets DOM-based XSS
TT support is built into Angular
TT applies to your entire application, including dependencies
TT is awesome!
About Philippe
Philippe De Ryck helps developers protect companies through better web security. His Ph.D. in web security from KU Leuven lies at the basis of his exceptional knowledge of the security landscape. As the founder of Pragmatic Web Security, Philippe delivers security training and security consulting to companies worldwide. His online course platform allows anyone to learn complex security topics at their own pace. Philippe is a Google Developer Expert and an Auth0 Ambassador for his community contributions on the security of web applications and APIs.