Closed dunqan closed 3 years ago
Quick check:

- bypassSecurity* methods
- [innerHTML] used for HTML content, so it is sanitized
- yarn audit: 3 warnings found (none of them is dangerous - vulnerabilities in our documentation tool and i18n linter)

Will look more into the code later.
Would Checkmarx and SonarQube cover these reviews?
Threat modelling methodology applied extensively throughout key features of product. Closing ticket.
Perform an internal security audit before 1.0 release, including:

1) Review code for possible security threats (XSS / proper sanitization, not using JIT)
2) Make sure any security sensitive code is justified and properly guarded
3) Check if Angular built-in XSSI/XSRF protection is not mitigated in any way
4) Review package dependencies for security risk
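As an added example (not code from this issue or the project), a small Node.js review helper that scans Angular source text for the constructs items 1-3 of the checklist ask to justify: `DomSanitizer.bypassSecurityTrust*` calls, `[innerHTML]` bindings and an explicit `HttpClientXsrfModule.disable()`. The sample sources, file names and pattern ids are constructed for illustration; the helper only reports locations for manual review and does not judge whether a use is safe.

```javascript
// Review helper: report Angular constructs that need a security justification.
// Constructed example; run with: node review-check.js

const PATTERNS = [
  { id: 'bypass-sanitizer',
    re: /bypassSecurityTrust(Html|Style|Script|Url|ResourceUrl)\s*\(/g,
    note: 'DomSanitizer bypass: confirm the value is trusted or escaped upstream' },
  { id: 'inner-html-binding',
    re: /\[innerHTML\]\s*=/g,
    note: 'innerHTML binding: Angular sanitizes it unless a bypass* value is passed' },
  { id: 'xsrf-disabled',
    re: /HttpClientXsrfModule\s*\.\s*disable\s*\(/g,
    note: 'built-in XSRF token handling disabled: needs a documented replacement' },
];

// sources: { fileName: fileText }. Returns one finding per matching line:
// { file, line, id, note, snippet }, in file and line order.
function reviewSources(sources) {
  const findings = [];
  for (const [file, text] of Object.entries(sources)) {
    text.split('\n').forEach((lineText, i) => {
      for (const p of PATTERNS) {
        p.re.lastIndex = 0; // global regex: reset state between lines
        if (p.re.test(lineText)) {
          findings.push({ file, line: i + 1, id: p.id, note: p.note, snippet: lineText.trim() });
        }
      }
    });
  }
  return findings;
}

// Constructed sample sources: a component using the sanitizer bypass, a plain
// template binding, and an app module that switches XSRF handling off.
const SAMPLE_SOURCES = {
  'preview.component.ts': [
    "import { DomSanitizer } from '@angular/platform-browser';",
    'export class PreviewComponent {',
    '  constructor(private sanitizer: DomSanitizer) {}',
    '  render(markup: string) {',
    '    return this.sanitizer.bypassSecurityTrustHtml(markup);',
    '  }',
    '}',
  ].join('\n'),
  'preview.component.html': '<div [innerHTML]="description"></div>',
  'app.module.ts': 'imports: [HttpClientModule, HttpClientXsrfModule.disable()],',
};

for (const f of reviewSources(SAMPLE_SOURCES)) {
  console.log(`${f.file}:${f.line} [${f.id}] ${f.note}\n    ${f.snippet}`);
}
```

Point `reviewSources` at real file contents (for example read with `fs`) and treat each finding as an item for the "justified and properly guarded" review in step 2.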