- Course
JavaScript Security: Best Practices
Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.
Intermediate
- Course
JavaScript Security: Best Practices
Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Core Tech
What you'll learn
Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.
JavaScript Security: Best Practices
Intermediate
Table of contents
-
Version Check | 15s
-
Introduction | 3m 29s
-
How Browser Execute JavaScript Code | 2m 2s
-
How Node.js Executes JavaScript Code | 1m 2s
-
JavaScript Security Pitfalls | 1m 50s
-
Sample Application | 1m 56s
-
Code Walkthrough | 2m 55s
-
Loose Comparison Vulnerability | 2m 49s
-
Exploiting the Vulnerability | 2m 39s
-
Fixing the Code | 2m 26s
-
Summary | 46s
Marcin Hoppe is a senior manager on the Product Security team at Auth0. He is passionate about writing secure JavaScript code and is an active member of the open source security community.