Progressive Web Apps with Angular

Learn how Angular.js works with Progressive Web Apps out of the box
09 August 2017   1895

Hype.Codes continues to introduce the PWA to our readers.

Progressive Web Apps (PWA) was announced by Google in 2015. This format of creating mobile websites attracted attention due to the relative ease of development and almost instantaneous interaction with the user. As early as May 2016, at the Google I / O Developer Conference, The Washington Post demonstrated its mobile hybrid site-application.

What is PWA? You can perceive this as a site built using web technologies, but which interacts with the user as an application. The advances in the development of browsers, cache and Push-interfaces allowed installing the application on the home screen directly from the browser, receiving pop-up notifications and even working offline.

In this video, you will learn about the PWA features of Angular.

AngularJS is a JavaScript-based open-source front-end web application framework mainly maintained by Google and by a community of individuals and corporations to address many of the challenges encountered in developing single-page applications. The JavaScript components complement Apache Cordova, the framework used for developing cross-platform mobile apps. It aims to simplify both the development and the testing of such applications by providing a framework for client-side model–view–controller (MVC) and model–view–viewmodel (MVVM) architectures, along with components commonly used in rich Internet applications.

Angular is a platform for building apps with the web, and supports Progressive Web Apps out of the box. Learn how Angular's tools enable you to increase engagement with faster loads, offline access, and push notifications through progressive enhancement of your mobile web apps.

Node.js Apps to be Vulnerable to Redo Attack

Researchers found 25 previously unknown vulnerabilities in popular Node.js modules
21 August 2018   109

Researchers from the Darmstadt Technical University (Germany) discovered 25 new vulnerabilities in the Node.js. They open web servers and applications for ReDos attacks, leading to denial of service for a few seconds to a minute. This is reported by Bleeping Computer.

At the moment, there are 340 websites that contain at least one of the vulnerabilities.

ReDoS-attacks (Regular Expression Denial of Service) use the shortcomings of code performance when working with regular expressions. An attacker can upload a large and complex piece of text to the server or into the application as input. If the service components are not specifically designed to handle such a variety of data types, it will completely freeze the resource or application for the time it will take to deal with the input array.

Sending few packages will lead to a longer "freezing" of the server.

For such an attack, many programming languages ​​and web services are vulnerable. In the case of JavaScript, the consequences are worse because the language uses a single-threaded execution model, when each request is processed in turn. As a result, ReDoS-attack does not slow down any specific operation, but blocks the entire server.

It has became known about ReDoS-attacks in 2012, but at the time JavaScript, and specifically - Node.js, wasn't widely used in web development, so for more than five years the problem was ignored.

The researchers gave a list of modules in which at least one of the previously unknown vulnerabilities was detected:

Vulnerable modules
Vulnerable modules

They reported the issues to the developers of npm-modules and laid out on the GitHub a proof-of-concept exploit for each of them. Researchers also have created a tool with which it is possible to identify vulnerable sites without conducting a full-fledged attack. Thus, 339 resources were found - 12% of all that are based on Node.js.