Trainers

• Philippe De Ryck

Schedule

07:30 - 08:30

• Continental breakfast buffet with the trainers

08:30 - 10:30

• Introduction to Cross-Site Scripting (XSS)

• XSS defenses in Angular

• XSS pitfalls in Angular

10:30 - 11:00

• Break with coffees, teas, juices, energizers and snacks

11:00 - 12:30

• Offensive and defensive hands-on labs

• Using Trusted Types with Angular

12:30 - 14:00

• Lunch with fresh soup, salads, selections of cold and warm fish and meat dishes, dessert

14:00 - 15:30

• Introduction to Content Security Policy (CSP)

• Common security mistakes in CSP policies

• Deploying CSP for Angular

• Offensive and defensive hands-on labs

15:30 - 16:00

• Break with coffees, teas, juices, energizers and snacks

16:00 - 17:30

• Practicalities about CSP

• Offensive and defensive hands-on labs

• XSS and server-side rendering

• Q & A

Takeaways

- Understand the limitations of Angular's built-in defenses
- Build up secure coding guidelines to avoid introducing vulnerabilities in your Angular applications
- Rely on code hygiene techniques to improve the results of code scanning tools
- Configure and deploy Content Security Policy for Angular applications
- Leverage Trusted Types to plug vulnerabilities in your application and its dependencies

Learn more about Philippe at https://pragmaticwebsecurity.com/ .