JavaScript Security: Best Practices

Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.
Course info
Rating
(10)
Level
Intermediate
Updated
Aug 20, 2020
Duration
1h 31m
Table of contents
Description
Course info
Rating
(10)
Level
Intermediate
Updated
Aug 20, 2020
Duration
1h 31m
Description

Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.

About the author
About the author

Marcin Hoppe is a senior manager on the Product Security team at Auth0. He is passionate about writing secure JavaScript code and is an active member of the open source security community.

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi everyone. My name is Marcin Hoppe, and welcome to my Pluralsight course, JavaScript Security: Best Practices. I am a software engineer specialized in information security. I am also a member of the Node.js Ecosystem Security Working Group and an active contributor to the Open Source Security Foundation. The web is a wonderful, but dangerous place, Attackers, security vulnerabilities, and data breaches are a fact of life for many online businesses. JavaScript has a very special place in the web ecosystem. JavaScript code can be a target of an attack, but it can also be a tool that hackers use to breach our applications. In this course, we're going to learn how to improve the security of your JavaScript code. We are going to cover the JavaScript security model, dynamic type system vulnerabilities, code injection attacks, prototype pollution, and JavaScript security testing tools. By the end of this course, you'll know how to find, fix, and prevent the most common JavaScript security bugs. Before beginning the course, you should be familiar with JavaScript programming concepts such as variables, types, objects, and functions. I hope you'll join me on this journey to learn how to write more secure code with the JavaScript Security: Best Practices course, at Pluralsight.