JavaScript Security: Best Practices

by Marcin Hoppe

Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.

Preview this course

What you'll learn

Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.

Table of contents

Course Overview
2mins
Understanding JavaScript Security
22mins
Preventing Code Injection Attacks
23mins
Defending against Prototype Pollution
24mins
Testing Your Code
20mins

About the author

Marcin Hoppe

Marcin Hoppe is a principal engineer on the Auth0 Platform Security team at Okta. He is passionate about building secure applications and promoting security best practices in the software development community. Marcin’s experience covers software engineering and various areas of information security, such as identity and access management, application and cloud infrastructure security, zero-trust architectures, cryptography, and privacy.

See more courses by Marcin Hoppe
Ready to upskill? Get started