defdeveu courses
Search…
README
secdev courses
Java
JavaScript
Android
iOS
.NET
C/C++
Webapps in general
Testing courses
Mobile testing automation
Security test automation in CI/CD pipelines
Burp for developers
DevSecOps courses
Docker security
AWS security
Control courses
Security champions boot
Assisted code-review lab
Practical personal cybersec for security auditors
S-SDLC playbook
Library
Mobile security baseline
Hacking applications
Language specific
Java specific
.net/C# specific
JavaScript specific
C/C++ specific
Delivery
Main features
Agenda structure
Days and kits
Trainer formations
Course materials
Trainers
Glenn ten Cate
Zsombor Kovács
Davide Cioccia
Péter Nyilasy
Marek Zachara
Riccardo ten Cate
Timur Khrotko
Powered By GitBook
JavaScript specific

The language specific module

Secure coding in JS

Developed by Péter Nyilasy

Is JS a secure language?

  • Automatic conversions
  • Type safety
  • Variable scopes
  • Eval, setTimeout, etc,,,

Js injections

  • XSS
    • Types (reflective, stored, dom-based, non dom-based)
    • Dangerous js functions (Vanilla and jQuery)
    • How to defend
    • BeEF demo [*]
  • Other html injections
  • Open redirection
  • Client side sqli [*]
  • Cookie injection
  • The same origin policy, CSRF, CORS
  • OSRF
  • Clickjacking
  • Tabnabbing

HTML5 security

  • Web storage [*]
  • WebSockets [*]
  • Web Messaging [*]
  • Webworkers [*]
  • Iframe sandboxing
  • CSP and other security headers

Technology specific security

  • ReactJS security [*]
  • Angular security [*]

Other topics

  • JS obfuscation [*]
  • Cryptography in JS [*]
[*] optional, delivered on demand

Prerequisites

We assume that the developers attending the JS secdev course:
  • are familiar with the JS language and with XOX
  • understand the HTTP protocol and HTML
  • are familiar with basic security features of an enterprise application (authentication, authorization, the concept of a session)
  • have XOX and a suitable IDE installed on their laptop (labs desktop)
Previous
.net/C# specific
Next
C/C++ specific
Last modified 3yr ago
Copy link
On this page
The language specific module
Secure coding in JS
Prerequisites