Securing an AngularJS Web Application

AngularJS Security

Cybersecurity is a Game of Thrones. There is a constant struggle between the various actors to gain the upper hand. We at Osprey Security are no exception. The Osprey Risk Intelligence and Compliance product manages all aspects of an organization’s cybersecurity needs relating to its Governance, Risk, and Compliance items. For this product, we chose AngularJS to build and deploy our front-end web application. The front end is what users see first and interact with directly, which is why it plays an important role in application security. It is the bridge between the user and the data, a friendly way of interacting with the data.

There are numerous frameworks out there for implementing an appealing user interface, but the ultimate choice depends on our functional and security needs and on what we want to build and how. We want to ensure that we take into account all the features and capabilities on offer, especially as they relate to the Risk Intelligence and Compliance product.

AngularJS: a front-end framework

We chose AngularJS as our framework for a variety of reasons. To give a brief overview, an Angular application typically communicates with a server to retrieve data and then presents it to the user. The communication could be via a RESTful API or a simple web service.

To mitigate most of the common attacks, AngularJS assists in writing code in a way that is secure by default and makes auditing for security vulnerabilities such as XSS, clickjacking, etc., a lot easier.

AngularJS provides security features such as: (more…)