Security Best Practices in Angular: Protecting Your Applications

In the world of web development, security is paramount. As developers, we strive to build robust and secure applications that protect user data and ensure a seamless user experience. Angular, being one of the most popular frameworks for building web applications, offers several features and best practices to enhance the security of your applications. In this post, we’ll delve into advanced security topics such as XSS protection, CSRF prevention, JWT authentication, and secure HTTP headers....

June 3, 2024 · 4 min · 705 words · Omid Farhang

Facebook closes cross-site scripting holes

Code could be injected through (fake) custom locations Facebook has closed various cross-site scripting (XSS) holes that were discovered by security firm Break Security and which have now been described in greater detail. Break Security’s CEO, Nir Goldshlager, explains that the social network was vulnerable to attacks through its Chat feature as well as its “Check in” and Messenger for Windows components. In the Chat window, for example, attackers were able to share links that weren’t adequately checked by Facebook....

April 21, 2013 · 2 min · 216 words · Omid Farhang

Google closes persistent XSS holes in Gmail

The H-online: Google has closed several cross-site scripting (XSS) holes in its Gmail email service – which has more than 350 million active users – that could have allowed an attacker to inject a malicious client-side script into a victim’s system. Security researcher Nils Juenemann discovered the three different XSS vulnerabilities in Gmail and disclosed them to Google’s Security Team as part the company’s Vulnerability Reward Program, in which researchers are rewarded with up to $20,000 for reporting qualifying bugs in its web-based services....

June 14, 2012 · 2 min · 269 words · Omid Farhang

Persistent XSS Vulnerability in White House Website

The Hacker News: Alexander Fuchs, A German Security Researcher Discover Persistent XSS Vulnerability in Official website of White House. “The petition system is vulnerable. Every Petition i start or join will execute my code. I could join all petitions and my code will be executed on all users who visit the petition system.” He said. Read full story in German: http://www.1337core.de/2011/die-whitehouse-gov-lol-petition/ The XSS Demo is here: https://wwws.whitehouse.gov/petitions/!/petition/security/WxgwM7DS Advisory: http://vulnerability-lab.com/get_content.php?id=308...

November 4, 2011 · 1 min · 73 words · Omid Farhang