In our previous blog post, we discussed how Angular and AngularJS applications are generally structured from an application security point of view. This time, we will explore different ways in which we can dynamically debug Angular applications whether the code is minimized or not. But why would that matter to application security researchers? By debugging Angular applications from the browser console, we can manipulate functions and scope variables to our liking. This can allow us to trigger behaviors that can help us discover front and back-end bugs, such as missing function level access control and insecure direct object reference. Furthermore, the techniques shown in this post can make it easier to examine bundled and minimized Angular code by leveraging tools provided by your browser’s developer tools.