This course aims to equip Angular developers with the knowledge and skills to write secure applications by understanding and mitigating the vulnerabilities listed in the OWASP Top 10 2021, specifically within Angular applications. Through a mix of theoretical concepts and practical exercises, learners will be able to apply best practices for secure coding and ensure their Angular applications are robust against common security threats.

It is recommended that participants on the  Secure Coding in Angular course have an understanding of Angular basics and familiarity with web development and security concepts.

Introduction to Web Security & OWASP Top 10 2021

Web Security Fundamentals

• Overview of OWASP Top 10 2021
• The Role of Secure Coding in Angular Development

Broken Access Control

• Deep dive into Broken Access Control
• Implementing secure authorization in Angular
• Securing routes and services in Angular

Injection

• SQL, Template and HTML Injection vulnerabilities
• How to identify and mitigate XSS and CSRF vulnerabilities
• Angular best practices to prevent Injection vulnerabilities
• Hands-on: DOM Cross-Site Scripting and Content Security Policy

Insecure Design

• Introduction to Insecure Design
• Designing Angular applications with security in mind
• Hands-on: Applying design patterns for secure Angular applications

Security Misconfiguration

• Common Angular security misconfigurations
• Secure deployment practices for Angular apps
• Hands-on: UI Redressing vulnerabilities

Vulnerable and Outdated Components

• Risks associated with using vulnerable components
• Managing dependencies in Angular projects
• Hands-on: Outdated Package Causes Vulnerability in Angular

Identification and Authentication Failures

• Securely managing user identities and authentication sessions
• Maintaining state after authentication in Angular, OAuth2.0 Best Practices
• Hands-on: Dangerous Open Redirect in Post-Login Navigation

Security Logging and Monitoring Failures

• Importance of logging and monitoring for security
• Implementing effective monitoring in Angular applications

The course is designed for:

• Angular Developers
• Web Developers transitioning to Angular
• Security Professionals with an interest in web application security

• Lecture slides and supplementary notes
• Practical coding exercises with solutions
• Additional resources for further learning

• The Secure Coding in Java Training  course is designed to instruct participants on best practices in secure coding using Java.
• The Secure Coding in .Net Training  course is designed to instruct participants on best practices in secure coding using .Net.
• The ISC2 Certified Secure Software Lifecycle Professional (CSSLP) course is designed for professionals who demonstrate a globally recognised level of competence, as defined in a common body of knowledge, by assuring security throughout the software lifecycle. They incorporate security when planning, designing, developing, acquiring, testing, deploying, maintaining, and/or managing software to increase its trustworthiness. Learn more about our CSSLP training 
• The Web Application Security Essentials course is a comprehensive and strategic overview of web application security and does not focus on a specific programming language, although some knowledge of JavaScript, basic SQL and the HTTP protocol is recommended. Learn more about our Web Application Security Training
• The Threat Modeling course provides attendees with the knowledge to identify applicable threats, quantify them, and address the risk with effective countermeasures to mitigate any attack – at the design stage of the SDL. Learn more about our Threat Modeling training
• The Secure Coding for PCI DSS course provides attendees specific knowledge and skills to apply the secure coding and application security standards needed for PCI DSS–relevant applications that process card payments and/or cardholder data. Learn more about our Secure Coding for PCI DSS training