-
Course
- Core Tech
JavaScript Security: Best Practices
Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.
What you'll learn
Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.
Table of contents
- Version Check | 15s
- Introduction | 3m 29s
- How Browser Execute JavaScript Code | 2m 2s
- How Node.js Executes JavaScript Code | 1m 2s
- JavaScript Security Pitfalls | 1m 50s
- Sample Application | 1m 56s
- Code Walkthrough | 2m 55s
- Loose Comparison Vulnerability | 2m 49s
- Exploiting the Vulnerability | 2m 39s
- Fixing the Code | 2m 26s
- Summary | 46s
About the author
Marcin Hoppe is a senior manager on the Product Security team at Auth0. He is passionate about writing secure JavaScript code and is an active member of the open source security community.
More Courses by Marcin