Commit
Deploying to gh-pages from @ 20b32af 🚀
0 parents
commit 0219e0a
Showing
153 changed files
with
2,115 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<!DOCTYPE html> | ||
<html lang="en-US"> | ||
<head> | ||
<meta charset="utf-8"> | ||
<meta name="viewport" content="width=device-width,initial-scale=1"> | ||
<meta name="generator" content="VuePress 2.0.0-beta.36"> | ||
<style> | ||
:root { | ||
--c-bg: #fff; | ||
} | ||
html.dark { | ||
--c-bg: #22272e; | ||
} | ||
html, body { | ||
background-color: var(--c-bg); | ||
} | ||
</style> | ||
<script> | ||
const userMode = localStorage.getItem('vuepress-color-scheme'); | ||
const systemDarkMode = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches; | ||
if (userMode === 'dark' || (userMode !== 'light' && systemDarkMode)) { | ||
document.documentElement.classList.toggle('dark', true); | ||
} | ||
</script> | ||
<link rel="icon" href="/logo.svg"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black"><title>Angular Security Training</title><meta name="description" content="Learn how to prevent common threats in your Angular web application !"> | ||
<link rel="modulepreload" href="/angular-security-training/assets/app.14588456.js"><link rel="modulepreload" href="/angular-security-training/assets/404.html.f166316b.js"><link rel="modulepreload" href="/angular-security-training/assets/404.html.bee13de6.js"><link rel="modulepreload" href="/angular-security-training/assets/plugin-vue_export-helper.21dcd24c.js"> | ||
<link rel="stylesheet" href="/angular-security-training/assets/style.5bcd0686.css"> | ||
</head> | ||
<body> | ||
<div id="app"><!--[--><div class="theme-container"><div class="theme-default-content"><h1>404</h1><blockquote>There's nothing here.</blockquote><a href="/angular-security-training/" class="">Take me home</a></div></div><!----><!--]--></div> | ||
<script type="module" src="/angular-security-training/assets/app.14588456.js" defer></script> | ||
</body> | ||
</html> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
<!DOCTYPE html> | ||
<html lang="en-US"> | ||
<head> | ||
<meta charset="utf-8"> | ||
<meta name="viewport" content="width=device-width,initial-scale=1"> | ||
<meta name="generator" content="VuePress 2.0.0-beta.36"> | ||
<style> | ||
:root { | ||
--c-bg: #fff; | ||
} | ||
html.dark { | ||
--c-bg: #22272e; | ||
} | ||
html, body { | ||
background-color: var(--c-bg); | ||
} | ||
</style> | ||
<script> | ||
const userMode = localStorage.getItem('vuepress-color-scheme'); | ||
const systemDarkMode = window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches; | ||
if (userMode === 'dark' || (userMode !== 'light' && systemDarkMode)) { | ||
document.documentElement.classList.toggle('dark', true); | ||
} | ||
</script> | ||
<link rel="icon" href="/logo.svg"><meta name="apple-mobile-web-app-capable" content="yes"><meta name="apple-mobile-web-app-status-bar-style" content="black"><title>7.1 Unprotected APIs Overview | Angular Security Training</title><meta name="description" content="Learn how to prevent common threats in your Angular web application !"> | ||
<link rel="modulepreload" href="/angular-security-training/assets/app.14588456.js"><link rel="modulepreload" href="/angular-security-training/assets/api-overview.html.8d09847e.js"><link rel="modulepreload" href="/angular-security-training/assets/api-overview.html.0c4ffcd6.js"><link rel="modulepreload" href="/angular-security-training/assets/plugin-vue_export-helper.21dcd24c.js"> | ||
<link rel="stylesheet" href="/angular-security-training/assets/style.5bcd0686.css"> | ||
</head> | ||
<body> | ||
<div id="app"><!--[--><div class="theme-container"><!--[--><header ref_key="navbar" class="navbar"><div class="toggle-sidebar-button" title="toggle sidebar" aria-expanded="false" role="button" tabindex="0"><div class="icon" aria-hidden="true"><span></span><span></span><span></span></div></div><span><a href="/angular-security-training/" class=""><img class="logo" src="/angular-security-training/logo.svg" alt="Angular Security Training"><span class="site-name can-hide">Angular Security Training</span></a></span><div class="navbar-items-wrapper" style=""><!--[--><!--]--><!----><!--[--><!--]--><button class="toggle-dark-button" title="toggle dark mode"><svg style="" class="icon" focusable="false" viewBox="0 0 32 32"><path d="M16 12.005a4 4 0 1 1-4 4a4.005 4.005 0 0 1 4-4m0-2a6 6 0 1 0 6 6a6 6 0 0 0-6-6z" fill="currentColor"></path><path d="M5.394 6.813l1.414-1.415l3.506 3.506L8.9 10.318z" fill="currentColor"></path><path d="M2 15.005h5v2H2z" fill="currentColor"></path><path d="M5.394 25.197L8.9 21.691l1.414 1.415l-3.506 3.505z" fill="currentColor"></path><path d="M15 25.005h2v5h-2z" fill="currentColor"></path><path d="M21.687 23.106l1.414-1.415l3.506 3.506l-1.414 1.414z" fill="currentColor"></path><path d="M25 15.005h5v2h-5z" fill="currentColor"></path><path d="M21.687 8.904l3.506-3.506l1.414 1.415l-3.506 3.505z" fill="currentColor"></path><path d="M15 2.005h2v5h-2z" fill="currentColor"></path></svg><svg style="display:none;" class="icon" focusable="false" viewBox="0 0 32 32"><path d="M13.502 5.414a15.075 15.075 0 0 0 11.594 18.194a11.113 11.113 0 0 1-7.975 3.39c-.138 0-.278.005-.418 0a11.094 11.094 0 0 1-3.2-21.584M14.98 3a1.002 1.002 0 0 0-.175.016a13.096 13.096 0 0 0 1.825 25.981c.164.006.328 0 .49 0a13.072 13.072 0 0 0 10.703-5.555a1.01 1.01 0 0 0-.783-1.565A13.08 13.08 0 0 1 15.89 4.38A1.015 1.015 0 0 0 14.98 3z" fill="currentColor"></path></svg></button><!----></div></header><!--]--><div class="sidebar-mask"></div><!--[--><aside 
class="sidebar"><!----><!--[--><!--]--><ul class="sidebar-items"><!--[--><li><a href="/angular-security-training/prerequisites/" class="sidebar-item sidebar-heading" aria-label="Prerequisites"><!--[--><!--]--> Prerequisites <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/introduction/" class="sidebar-item sidebar-heading" aria-label="1 Introduction"><!--[--><!--]--> 1 Introduction <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/" class="sidebar-item sidebar-heading" aria-label="2- Common Threats"><!--[--><!--]--> 2- Common Threats <!--[--><!--]--></a><!----></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/common-threats/jwt/jwt-overview.html" class="sidebar-item" aria-label="1.1 JWT Overview"><!--[--><!--]--> 1.1 JWT Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/jwt/jwt-workflow.html" class="sidebar-item" aria-label="1.2 JWT Workflow"><!--[--><!--]--> 1.2 JWT Workflow <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/jwt/jwt-storage.html" class="sidebar-item" aria-label="1.3 JWT Storage"><!--[--><!--]--> 1.3 JWT Storage <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/jwt/jwt-known-threats.html" class="sidebar-item" aria-label="1.4 JWT Known Threats"><!--[--><!--]--> 1.4 JWT Known Threats <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/jwt/jwt-best-current-practices.html" class="sidebar-item" aria-label="1.5 JWT Best Current Practices"><!--[--><!--]--> 1.5 JWT Best Current Practices <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/jwt/jwt-pw.html" class="sidebar-item" aria-label="1.6 JWT Practical Work"><!--[--><!--]--> 1.6 JWT Practical Work 
<!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/common-threats/csrf/csrf-overview.html" class="sidebar-item" aria-label="2.1 CSRF Overview"><!--[--><!--]--> 2.1 CSRF Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/csrf/csrf-detection.html" class="sidebar-item" aria-label="2.2 CSRF Detection"><!--[--><!--]--> 2.2 CSRF Detection <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/csrf/csrf-defense.html" class="sidebar-item" aria-label="2.3 CSRF Defense Best Practices"><!--[--><!--]--> 2.3 CSRF Defense Best Practices <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/csrf/csrf-angular.html" class="sidebar-item" aria-label="2.4 CSRF Protection in Angular"><!--[--><!--]--> 2.4 CSRF Protection in Angular <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/csrf/csrf-pw.html" class="sidebar-item" aria-label="2.5 CSRF Practical Work"><!--[--><!--]--> 2.5 CSRF Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/common-threats/xss/xss-overview.html" class="sidebar-item" aria-label="3.1 XSS Overview"><!--[--><!--]--> 3.1 XSS Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/xss/xss-detection.html" class="sidebar-item" aria-label="3.2 XSS Detection"><!--[--><!--]--> 3.2 XSS Detection <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/xss/xss-defense.html" class="sidebar-item" aria-label="3.3 XSS Defense Best Practices"><!--[--><!--]--> 3.3 XSS Defense Best Practices 
<!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/xss/xss-angular.html" class="sidebar-item" aria-label="3.4 XSS Protection in Angular"><!--[--><!--]--> 3.4 XSS Protection in Angular <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/xss/xss-pw.html" class="sidebar-item" aria-label="3.5 XSS Practical Work"><!--[--><!--]--> 3.5 XSS Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/csp/csp-overview.html" class="sidebar-item" aria-label="4.1 CSP Overview"><!--[--><!--]--> 4.1 CSP Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/csp/csp-defense.html" class="sidebar-item" aria-label="4.2 CSP Defense"><!--[--><!--]--> 4.2 CSP Defense <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/csp/csp-angular.html" class="sidebar-item" aria-label="4.3 CSP in Angular"><!--[--><!--]--> 4.3 CSP in Angular <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/csp/csp-pw.html" class="sidebar-item" aria-label="4.4 CSP Practical Work"><!--[--><!--]--> 4.4 CSP Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/common-threats/ssti/ssti-overview.html" class="sidebar-item" aria-label="5.1 SSTI Overview"><!--[--><!--]--> 5.1 SSTI Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/ssti/ssti-angular.html" class="sidebar-item" aria-label="5.3 SSTI Protection in Angular"><!--[--><!--]--> 5.3 SSTI Protection in Angular <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> 
<!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/common-threats/sca/sca-overview.html" class="sidebar-item" aria-label="6.1 Vulnerable Components Overview"><!--[--><!--]--> 6.1 Vulnerable Components Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/sca/sca-detection.html" class="sidebar-item" aria-label="6.2 Vulnerable Components Detection"><!--[--><!--]--> 6.2 Vulnerable Components Detection <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/sca/sca-defense.html" class="sidebar-item" aria-label="6.3 Vulnerable Component Defense"><!--[--><!--]--> 6.3 Vulnerable Component Defense <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/sca/sca-angular.html" class="sidebar-item" aria-label="6.4 Vulnerable Components Protection in Angular"><!--[--><!--]--> 6.4 Vulnerable Components Protection in Angular <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/common-threats/sca/sca-pw.html" class="sidebar-item" aria-label="6.5 Vulnerable Components Practical Work"><!--[--><!--]--> 6.5 Vulnerable Components Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><a href="/angular-security-training/advanced/" class="router-link-active sidebar-item sidebar-heading" aria-label="3- Advanced Threats"><!--[--><!--]--> 3- Advanced Threats <!--[--><!--]--></a><!----></li><li><p tabindex="0" class="sidebar-item sidebar-heading active"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a aria-current="page" href="/angular-security-training/advanced/api/api-overview.html" class="router-link-active router-link-exact-active router-link-active sidebar-item active" aria-label="7.1 Unprotected APIs Overview"><!--[--><!--]--> 7.1 Unprotected APIs Overview <!--[--><!--]--></a><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a 
aria-current="page" href="/angular-security-training/advanced/api/api-overview.html#authorization" class="router-link-active router-link-exact-active sidebar-item" aria-label="Authorization"><!--[--><!--]--> Authorization <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><a href="/angular-security-training/advanced/api/api-defense.html" class="sidebar-item" aria-label="7.2 Unprotected API Defense"><!--[--><!--]--> 7.2 Unprotected API Defense <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/advanced/api/api-pw.html" class="sidebar-item" aria-label="7.3 Unprotected API Practical Work"><!--[--><!--]--> 7.3 Unprotected API Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><p tabindex="0" class="sidebar-item sidebar-heading"> <!----></p><!--[--><ul style="" class="sidebar-item-children"><!--[--><li><a href="/angular-security-training/advanced/xssi/xssi-overview.html" class="sidebar-item" aria-label="8.1 XSSI Overview"><!--[--><!--]--> 8.1 XSSI Overview <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/advanced/xssi/xssi-defense.html" class="sidebar-item" aria-label="8.2 XSSI Defense"><!--[--><!--]--> 8.2 XSSI Defense <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/advanced/xssi/xssi-angular.html" class="sidebar-item" aria-label="8.3 XSSI protection in Angular"><!--[--><!--]--> 8.3 XSSI protection in Angular <!--[--><!--]--></a><!----></li><li><a href="/angular-security-training/advanced/xssi/xssi-pw.html" class="sidebar-item" aria-label="8.4 XSSI Practical Work"><!--[--><!--]--> 8.4 XSSI Practical Work <!--[--><!--]--></a><!----></li><!--]--></ul><!--]--></li><li><a href="/angular-security-training/continuous-prevention/" class="sidebar-item sidebar-heading" aria-label="4. Global recommendations"><!--[--><!--]--> 4. 
Global recommendations <!--[--><!--]--></a><!----></li><!--]--></ul><!--[--><!--]--></aside><!--]--><!--[--><main class="page"><!--[--><!--]--><div class="theme-default-content"><!--[--><h1 id="_7-1-unprotected-apis-overview" tabindex="-1"><a class="header-anchor" href="#_7-1-unprotected-apis-overview" aria-hidden="true">#</a> 7.1 Unprotected APIs Overview</h1><ul><li>OWASP Top 10+ 2017 new topic (draft version)</li><li>REST API architecture growing (mobile, SPA, IoT,…)</li><li>Restrict access to API for authenticated/authorized users/clients</li><li>This area impacts or is related to many others potential vulnerabilities : <ul><li>Broken Authentication & Session Management</li><li>Broken Access Control</li><li>Sensitive data exposure,</li><li>Insufficient Attack Protection</li><li>Cross-Site Request Forgery</li><li>JSONP vulnerability</li><li>Service Availability Threats</li></ul></li></ul><h2 id="authorization" tabindex="-1"><a class="header-anchor" href="#authorization" aria-hidden="true">#</a> Authorization</h2><ul><li>Used with strong authentication : JWT OAuth, multi-factor authentication, …</li><li>Web address request security: approach to secure your request URIs</li><li>Implement Service layer and Domain object security: separation of concerns, reusability, support for rich clients and web services</li><li>Define a realm: user, group, role, permission, right management …</li></ul><!--]--></div><footer class="page-meta"><!----><div class="meta-item last-updated"><span class="meta-item-label">Last Updated: </span><!----></div><div class="meta-item contributors"><span class="meta-item-label">Contributors: </span><span class="meta-item-info"><!--[--><!--[--><span class="contributor" title="email: [email protected]">Nourredine K</span><!----><!--]--><!--]--></span></div></footer><nav class="page-nav"><p class="inner"><!----><span class="next"><a href="/angular-security-training/advanced/api/api-defense.html" class="" aria-label="7.2 Unprotected API 
Defense"><!--[--><!--]--> 7.2 Unprotected API Defense <!--[--><!--]--></a></span></p></nav><!--[--><!--]--></main><!--]--></div><!----><!--]--></div> | ||
<script type="module" src="/angular-security-training/assets/app.14588456.js" defer></script> | ||
</body> | ||
</html> |