Angular and the OWASP top 10

This page contains the resources for the talk titled "Angular and the OWASP top 10". Next to the slides, a cheat sheet covers a set of best practices for the most relevant items from the OWASP top 10 for Angular applications.


The OWASP top 10 is one of the most influential security documents of all time. A couple of years ago, these 10 security issues impacted almost every web application. However, today, the web application landscape has scattered. Monoliths have become frontends, backends, and third-party APIs. As a result, it has become harder to figure out which security measures belong where. Overall, security has gotten a lot more complicated.

In this talk, we explore the relationship between the OWASP top 10 and Angular applications. We will see how some issues are barely relevant in an Angular world. We will discover that Angular addresses some issues out of the box. Moreover, we will learn which issues require the most attention in an Angular application.

About Philippe De Ryck

Philippe De Ryck is the founder of Pragmatic Web Security, where he travels the world to train developers on web security and security engineering. He holds a Ph.D. in web security from KU Leuven. Google recognizes Philippe as a Google Developer Expert for his knowledge of web security and security in Angular applications.