Defensive JavaScript Programming Course

Course Description

JavaScript has become the number one programming language for front-end development and is now gaining ground on the server side following the introduction of the Node.js framework, which runs on the V8 JavaScript engine. The Defensive Programming in JavaScript course covers secure development in both front-end and back-end JavaScript. It helps attendees understand generic web application risks, as well as the specific risks involved in manipulating JavaScript in the DOM, bypassing browser controls such as the same-origin policy and sandboxing, sending Ajax requests, analyzing JSON, and using client-side frameworks and libraries. The course also covers the risks present in server-side code written in JavaScript. These risks are typical of any back-end framework and include different types of injection, framework misconfiguration, cross-site request forgery, and input validation.

The JavaScript frameworks covered in this course include, on the client side, AngularJS, and, on the server side, Node.js and Express.js. The lab includes exercises covering vulnerabilities and best practices in each framework.

Learning Objectives

After successfully completing this course, the student will be able to:

  • Recognize that client-side JavaScript code can introduce security vulnerabilities
  • Describe the JavaScript risk landscape
  • Recognize risks related to server-side JavaScript
  • Apply defensive programming techniques in JavaScript and its various frameworks (AngularJS, Node.js, Express.js)
  • Identify and fix security vulnerabilities in JavaScript code


Delivery Format: Live traditional or virtual classroom

Duration: 8 Hours

Intended Audience:

  • Developers