JavaScript Security

Course Description

This course presents an overview of quirks and features that make JavaScript such a flexible, powerful, and popular language. The course does not focus specifically on client-side or server-side JavaScript, but instead gives an overview of security features built into the JavaScript language itself, as well as security features provided by the browsers and utilized by JavaScript web applications.

The main sections of the course offer a deep dive into the most common, most severe, and oldest JavaScript security issue: cross-site scripting (XSS). It examines different JavaScript execution contexts, dataflow concepts for identifying the issues, and protection mechanisms. It also covers the clickjacking vulnerability and mitigation methods. The last lesson focuses on managing dependencies in client-side and server-side applications and tools for identifying vulnerabilities in third-party JavaScript libraries.

Learning Objectives

  • Navigate JavaScript language specifics, like comparisons and scoping, that may cause security issues
  • Identify JavaScript execution contexts
  • Perform manual dataflow analysis with the knowledge of JavaScript sources and sinks 
  • Find common XSS issues in JavaScript code and select the best protection method for each case
  • Apply several mitigation techniques against the clickjacking vulnerability

Details

Delivery Format: eLearning

Duration: 1 1/4 hours

Level: Intermediate

Intended Audience

  • Front-end Developers

Prerequisites

  • N/A
