Trainers
Philippe De Ryck
Schedule
07:30 - 08:30
Continental breakfast buffet with the trainers
08:30 - 10:30
Introduction to Cross-Site Scripting (XSS)
XSS defenses in Angular
XSS pitfalls in Angular
10:30 - 11:00
Break with coffees, teas, juices, energizers and snacks
11:00 - 12:30
Offensive and defensive hands-on labs
Using Trusted Types with Angular
12:30 - 14:00
Lunch with fresh soup, salads, selections of cold and warm fish and meat dishes, dessert
14:00 - 15:30
Introduction to Content Security Policy (CSP)
Common security mistakes in CSP policies
Deploying CSP for Angular
Offensive and defensive hands-on labs
15:30 - 16:00
Break with coffees, teas, juices, energizers and snacks
16:00 - 17:30
Practicalities about CSP
Offensive and defensive hands-on labs
XSS and server-side rendering
Q & A
Takeaways
- Understand the limitations of Angular's built-in defenses
- Build up secure coding guidelines to avoid introducing vulnerabilities in your Angular applications
- Rely on code hygiene techniques to improve the results of code scanning tools
- Configure and deploy Content Security Policy for Angular applications
- Leverage Trusted Types to plug vulnerabilities in your application and its dependencies
Learn more about Philippe at https://pragmaticwebsecurity.com/.