Problems in a Server-Centric Environment
Source code vulnerabilities
Another source of security holes in source code is the rampant use of public packages and libraries. Most developers install packages for even the simplest of tasks, which increases the project's dependencies. This leads to security issues whose impact can have far-reaching consequences.
Monitoring and addressing all potential dependencies is a labour-intensive and time-consuming task. An auditing tool can automate the process and so accelerate it.
In some cases it makes sense to remove dangerous characters from data received as input. This provides some protection, but it should not be relied on to guard against data manipulation, because an attacker can use various techniques to evade this type of filter.
Compromise on session data
A script running in the browser on the client side has access to all content that a web application returns to the browser. That content includes cookies, which may hold sensitive data such as the user's session ID. A common exploit in an XSS attack is to send the user's session token to the attacker, who can then hijack the session.
Appselling suggests a series of measures to prevent this. It supports HTTP-only (HttpOnly) cookies. Marking a cookie this way prevents client-side scripting attacks from accessing any sensitive data stored in it.
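The effect of the HttpOnly flag described above, as an added example that is not part of the original article: it parses Set-Cookie headers, shows which cookies a page script could read through document.cookie, and lists the readable ones whose names suggest session or auth data. The sample headers and the name hints are constructed assumptions.

```javascript
// Constructed sample Set-Cookie response headers (not from any real application).
const sampleHeaders = [
  "sessionid=3f9a1c7e; Path=/; HttpOnly; Secure",
  "theme=dark; Path=/",
  "csrf_hint=abc123; Path=/; httponly",
  "auth_token=eyJhbGciOi; Path=/; Max-Age=3600",
];

// Name fragments that suggest session or auth state (an assumption for this example).
const SENSITIVE_HINTS = ["sess", "sid", "auth", "token"];

// Parse one Set-Cookie value into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const parts = header.split(";").map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || "";
  const eq = first.indexOf("=");
  if (eq < 1) return null; // no cookie name: skipped by this example
  const attrs = {};
  for (const p of parts) {
    const i = p.indexOf("=");
    const key = (i === -1 ? p : p.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : p.slice(i + 1).trim();
  }
  return { name: first.slice(0, eq).trim(), value: first.slice(eq + 1).trim(), attrs };
}

// Cookies without HttpOnly: the ones a script sees in document.cookie
// (path and domain scoping are ignored here).
function readableCookies(headers) {
  return headers.map(parseSetCookie).filter((c) => c && !c.attrs.httponly);
}

// The string a page script (including an injected one) would read.
function scriptVisible(headers) {
  return readableCookies(headers).map((c) => `${c.name}=${c.value}`).join("; ");
}

// Readable cookies whose names look sensitive: candidates for the HttpOnly flag.
function exposedSensitive(headers) {
  return readableCookies(headers)
    .filter((c) => SENSITIVE_HINTS.some((h) => c.name.toLowerCase().includes(h)))
    .map((c) => c.name);
}

console.log("script-visible:", scriptVisible(sampleHeaders));
console.log("needs HttpOnly:", exposedSensitive(sampleHeaders));
```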
Data in local storage and session storage can be stolen in the same manner: with DOM access, an attacker may be able to obtain it. It is therefore suggested that sensitive data such as tokens be kept out of browser storage. In practice this is not always the case, because of the web architecture of various applications.