by beermonster 1708 days ago
By and large, your average developer hasn't really come a long way in writing more secure code and avoiding common, decades-old vulnerabilities. However, what has changed is that there are more people using frameworks such as Angular, Vue and React, whereby they gain some of the protection those frameworks offer.

Though obviously there is still some shared responsibility and it's no panacea - but it has had a noticeable impact on the ordering of the OWASP list.


OTOH, the rise of AJAX-based calls has IMO become the main culprit for broken access or unsafe information leaks.

With SSR, we only need to limit the rendered information and we're fine. Now we need to limit the JSON (or XML, if SOAP) response. If we need a condition based on protected data, we need to have an additional, derived (computed) property for it, and there isn't a standard way to do it; then we make the view conditional on that derived value.

That process is too alluring to be skipped, and many choose to just breach the security and deal with it later, unless you have different teams managing front and back.
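The pattern this comment describes, as an added example that is not code from the thread or from any of the frameworks named above: a JSON endpoint that serialises the raw database row (so the SPA "decides" what to show, but every field is already on the wire), beside one that allow-lists the public fields and sends a server-computed `canEdit` flag, the derived property the comment talks about. The record, the viewer objects and all function and field names are constructed for illustration.

```javascript
// Added example (not from the thread): leaky JSON serialisation of a whole
// record versus an allow-list plus a derived, server-computed property.
// Every name and value below is constructed for illustration.

// Constructed sample row, as it might come back from a database query.
// ownerId, ownerEmail and internalNotes are the "protected data".
const dbRecord = {
  id: 42,
  title: "Quarterly numbers",
  body: "Revenue is up.",
  status: "draft",
  ownerId: 7,
  ownerEmail: "owner@example.com",
  internalNotes: "do not publish before the board meeting",
};

// Protected fields that must never reach the client.
const PROTECTED_FIELDS = ["ownerId", "ownerEmail", "internalNotes"];

// The leaky pattern: `res.json(row)` and let the front end hide what the
// viewer should not see. The condition runs in the browser, so the data it
// needs (ownerId, ownerEmail, ...) has already been disclosed.
function serializeNaive(record) {
  return JSON.stringify(record);
}

// The authorization rule stays on the server: only the owner or an admin
// may edit. This is the "derived (computed) property" from the comment.
function canEdit(record, viewer) {
  return viewer.role === "admin" || viewer.id === record.ownerId;
}

// The SSR discipline applied to JSON: an explicit allow-list of public fields
// plus the derived booleans the view conditions on. The client receives
// `canEdit` but never the ownerId or ownerEmail it was derived from.
function serializeForViewer(record, viewer) {
  const publicFields = ["id", "title", "body", "status"];
  const out = {};
  for (const field of publicFields) out[field] = record[field];
  out.canEdit = canEdit(record, viewer);
  return JSON.stringify(out);
}

// Check that would belong in a test for the endpoint: does the wire format
// carry any protected field? Returns true if it leaks.
function leaksProtectedFields(json) {
  const keys = Object.keys(JSON.parse(json));
  return keys.some((k) => PROTECTED_FIELDS.includes(k));
}

// Constructed viewers: the record's owner, an unrelated user and an admin.
const owner = { id: 7, role: "user" };
const stranger = { id: 99, role: "user" };
const admin = { id: 1, role: "admin" };

function demo() {
  console.log("naive   :", serializeNaive(dbRecord));
  console.log("owner   :", serializeForViewer(dbRecord, owner));
  console.log("stranger:", serializeForViewer(dbRecord, stranger));
  console.log("admin   :", serializeForViewer(dbRecord, admin));
  console.log("naive leaks?   ", leaksProtectedFields(serializeNaive(dbRecord)));
  console.log("filtered leaks?", leaksProtectedFields(serializeForViewer(dbRecord, stranger)));
}

demo();
```

The point of `leaksProtectedFields` is that the allow-list, not the front end, is the control: the filtered response for the stranger contains exactly the same keys as the one for the owner, only `canEdit` differs, so nothing in the view's conditional logic depends on data the viewer is not allowed to have.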