JavaScript Security: Best Practices
By Marcin Hoppe
Course info



Course info



Description
Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.
Section Introduction Transcripts
Course Overview
Hi everyone. My name is Marcin Hoppe, and welcome to my Pluralsight course, JavaScript Security: Best Practices. I am a software engineer specialized in information security. I am also a member of the Node.js Ecosystem Security Working Group and an active contributor to the Open Source Security Foundation. The web is a wonderful, but dangerous place, Attackers, security vulnerabilities, and data breaches are a fact of life for many online businesses. JavaScript has a very special place in the web ecosystem. JavaScript code can be a target of an attack, but it can also be a tool that hackers use to breach our applications. In this course, we're going to learn how to improve the security of your JavaScript code. We are going to cover the JavaScript security model, dynamic type system vulnerabilities, code injection attacks, prototype pollution, and JavaScript security testing tools. By the end of this course, you'll know how to find, fix, and prevent the most common JavaScript security bugs. Before beginning the course, you should be familiar with JavaScript programming concepts such as variables, types, objects, and functions. I hope you'll join me on this journey to learn how to write more secure code with the JavaScript Security: Best Practices course, at Pluralsight.