JavaScript specific

Search…

JavaScript specific

The language specific module
Secure coding in JS 
Developed by Péter Nyilasy
Is JS a secure language? 
Automatic conversions
Type safety
Variable scopes
Eval, setTimeout, etc,,,
Js injections
XSS
Types (reflective, stored, dom-based, non dom-based) 
Dangerous js functions (Vanilla and jQuery)
How to defend 
BeEF demo [*]
Other html injections
Open redirection
Client side sqli [*]
Cookie injection
Other JS (or JS related) vulnerabilities 
The same origin policy, CSRF, CORS
OSRF
Clickjacking
Tabnabbing
HTML5 security
Web storage [*]
WebSockets [*]
Web Messaging [*]
Webworkers [*]
Iframe sandboxing
CSP and other security headers
Technology specific security 
ReactJS security [*]
Angular security [*]
Other topics 
JS obfuscation [*]
Cryptography in JS [*]
[*] optional, delivered on demand
Prerequisites
We assume that the developers attending the JS secdev course:
are familiar with the JS language and with XOX
understand the HTTP protocol and HTML
are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session)
have XOX and a suitable IDE installed on their laptop (labs desktop)

.net/C# specific

C/C++ specific

Last modified 2yr ago

Copy link

Contents

The language specific module

Secure coding in JS

Prerequisites