AngularJS Security Considerations

Web developers with a basic understanding of developing AngularJS apps who wish to learn more advanced concepts related to AngularJS and web application security in general


Expected Duration
68 minutes

AngularJS is designed to facilitate the development of rich, robust, single-page web applications. Being a client-side framework, AngularJS applications are inherently public and reveal much more implementation detail to the end user than traditional web sites. Securing an AngularJS application is a combination of using best practices on the client side to reduce vulnerability, and knowing that the lion share of security comes from making sure our server is locked down. This course covers concepts involved in securing full stack web applications using AngularJS, from Authentication and Authorization strategies, to the built-in security features AngularJS ships with.



  • start the course
  • describe what are bearer tokens and how to use them for authentication in an AngularJS app
  • receive and store bearer token in the DOM
  • send a bearer token to be used for authenticating requests generated by an AngularJS application
  • use cookies to persist identity through page reloads
  • use HTML5 storage to persist identity through page reloads, and recognize the benefits of this approach as opposed to a cookie-based approach


  • describe the roles of AngularJS, a client-side framework, and a server in authorizing requests
  • recognize how assuming AngularJS can implement real authorization leaves an application vulnerable to attack


  • recognize what obfuscation means and where it comes into play in a security context
  • use Uglify.js to minify and compress an AngularJS application
  • use tools to reverse the effects of minification of an AngularJS application

Potential Application Vulnerabilities

  • recognize what a Cross-Site Scripting or XSS attack may look like and how AngularJS protects against these
  • distinguish between secure and insecure cookies and recognize why an AngularJS application that uses cookies for identity persistence should have this cookie secure
  • recognize what a Cross-Site Request Forgery or CSRF attack looks like and how AngularJS may be vulnerable
  • recognize how implementing Anti-Forgery Tokens can protect against Cross-Site Request Forgery or CSRF attacks

AngularJS Built-in Security

  • use ngSanitize in AngularJS to allow whitelisted HTML to be rendered
  • disable string contextual escaping in AngularJS to allow a script to be executable

Practice: AngularJS Applications

  • use bearer tokens to authenticate AngularJS requests with the server





Multi-license discounts available for Annual and Monthly subscriptions.