Defensive coding techniques aren’t nearly as widespread among JavaScript developers as they are among developers working in Java (among other coding languages). Well, we’re working to change that! It’s not impossible to code defensively in JavaScript—it just takes a bit of training. We recently sat down with Aman Ali, one of our resident software security consultants and the developer of Synopsys’ latest training: Defending JavaScript. Here’s what he had to say about this latest training offering:
Aman: We’re really excited to launch this new course. It utilizes a variety of techniques including lecture, demos, and labs to inspire participants’ varied learning styles. In doing so, developers learn about security issues within JavaScript (lecture), see them in action (demos), and identify and fix the issues themselves in sample applications (labs).
At the beginning of the training, we cover the basics of client-side JavaScript issues. Then, we move into security issues of the MEAN stack—the most popular set of JavaScript frameworks. On the client side, we also discuss security issues of the AngularJS framework. To round out the course, we discuss server-side frameworks (e.g., Node.js and Express.js).
In addition to our in-person classroom training, Synopsys also offers a versatile virtual classroom training option. The virtual classroom is ideal when attendees can’t all be in the same place at the same time. As long as you have a computer and an Internet connection, you can join others in your training group.
Aman: Upon successful completion of the course, participants will be able to clearly recognize that client-side JavaScript code can introduce security vulnerabilities. They will be able to discuss the JavaScript risk landscape and also recognize risks related to server-side JavaScript. Additionally, participants will be able to apply defensive programming techniques within various frameworks, namely AngularJS, Express.js, and Node.js. Most importantly, participants will not only be able to identify security vulnerabilities in JavaScript code, but they’ll also understand how to actually resolve the vulnerabilities.
Aman: This course is most beneficial for developers who are familiar with client-side and/or server-side JavaScript. It helps attendees to understand generic Web application risks. It also covers specific risks involved with manipulating JavaScript in the DOM, bypassing browser controls (such as same-origin policy and sandboxing), sending Ajax requests, analyzing JSON, and using client-side frameworks and libraries.
For more information, check out our course catalog. I look forward to kicking off this new training and inspiring highly valuable defensive programming knowledge to help JavaScript developers build security into their work.