2- Common Threats

In this chapter we will focus on the following threats raised in OWASP Top 10 2017 and 2021:

• Identification and Authentication Failures: we will use JWT for this training

• Injections:

  • CSRF: Cross Site Requests Forgery
  • XSS: Cross Site Scripting
  • SSTI: Template Injection
  • XSSI: JSON Hijacking

• Vulnerable and Outdated Components

• Unprotected APIs

For each threat, we will have an overview and recommended defense mechanisms to implement globally with Angular.

A Practical Work session is available when necessary.