JavaScript Security: Best Practices

By Marcin Hoppe
Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.
Play course overview
Course info
Rating
(47)
Level
Intermediate
Updated
Aug 20, 2020
Duration
1h 31m
Table of contents
Course Overview
Course Overview 2m
Understanding JavaScript Security
Introduction 3m How Browser Execute JavaScript Code 2m How Node.js Executes JavaScript Code 1m JavaScript Security Pitfalls 2m Sample Application 2m Code Walkthrough 3m Loose Comparison Vulnerability 3m Exploiting the Vulnerability 3m Fixing the Code 2m Summary 1m
Preventing Code Injection Attacks
Overview 3m Dynamic Code Execution 2m Unsafe Functions 3m Finding Unsafe Code 3m Exploiting the Vulnerability 3m Impact of Code Injection Attacks 3m Fixing the Code 3m Unsafe Code in Third-party Libraries 2m Summary 1m
Defending against Prototype Pollution
Overview 2m Understanding Prototypes 3m Polluting the Object Prototype 3m Finding Prototype Pollution in the Code 4m Exploiting the Vulnerability 5m Fixing the Code 3m Introducing Prototype Pollution through 3rd Party Libraries 3m Summary 1m
Testing Your Code
Overview 3m Security Testing Techniques 3m Finding Unsafe Code Using ESLint 4m Detecting Prototype Pollution with Unit Tests 5m Popular Security Testing Tools for JavaScript 4m Summary 1m
Description
Course info
Rating
(47)
Level
Intermediate
Updated
Aug 20, 2020
Duration
1h 31m
Description

Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.

About the author
Marcin Hoppe
About the author

Marcin Hoppe is a senior manager on the Product Security team at Auth0. He is passionate about writing secure JavaScript code and is an active member of the open source security community.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Marcin Hoppe, and welcome to my Pluralsight course, JavaScript Security: Best Practices. I am a software engineer specialized in information security. I am also a member of the Node.js Ecosystem Security Working Group and an active contributor to the Open Source Security Foundation. The web is a wonderful, but dangerous place, Attackers, security vulnerabilities, and data breaches are a fact of life for many online businesses. JavaScript has a very special place in the web ecosystem. JavaScript code can be a target of an attack, but it can also be a tool that hackers use to breach our applications. In this course, we're going to learn how to improve the security of your JavaScript code. We are going to cover the JavaScript security model, dynamic type system vulnerabilities, code injection attacks, prototype pollution, and JavaScript security testing tools. By the end of this course, you'll know how to find, fix, and prevent the most common JavaScript security bugs. Before beginning the course, you should be familiar with JavaScript programming concepts such as variables, types, objects, and functions. I hope you'll join me on this journey to learn how to write more secure code with the JavaScript Security: Best Practices course, at Pluralsight.

You're the smartest person in the room

PROVE IT

Your team won't just close the skills gap

THEY'LL HURDLE IT