Defensive Programming for HTML5

Course Description

HTML5 is the fifth revision of the HTML standard. HTML5 and its integration with JavaScript introduce new security risks that developers need to consider carefully when writing web front-end code. Modern web-based software, including mobile web front-end applications, rely heavily on JavaScript and HTML5 browser support to deliver advanced user experiences. Front-end developers focus their efforts on creating this experience and are generally not aware of the security implications of the technologies they use. This course helps web front-end developers understand the risks involved with manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML5 (e.g., cross-origin resource sharing, local storage, and content security policy). The course reinforces some important security aspects of modern browser architecture and presents defensive programming techniques that can be immediately applied to prevent the introduction of common vulnerabilities. Additionally, the course provides a detailed description of typical JavaScript sources and sinks and explains how they can be used to detect problems in code.

Course Themes

  • Browser security
  • Risk landscape mitigation
  • Attack surface

Learning Objectives

  • Recognize that client-side code can introduce security vulnerabilities.
  • Appreciate the HTML5 risk landscape.
  • Apply defensive programming techniques in HTML5.
  • Identify and fix security vulnerabilities in HTML5 code.

Details

Delivery: eLearning

Duration: 1 Hour

Level: Intermediate

Intended Audience:

  • Front-End Developers
  • Mobile Developers
Competencies: Familiarity with web programming languages and general web app security, specifically HTML
Prerequisites:

Get more course information