Introduction to JavaScript Security

Course Description

This course presents the reader with an overview of the quirks and features that make JavaScript such a flexible, powerful, and popular language. The course does not focus specifically on client-side or server-side JavaScript, but instead gives an overview of security features built into the JavaScript language itself, as well as security features provided by browsers and used by JavaScript web applications. The main sections of the course take a deep dive into the most common, most severe, and oldest JavaScript security issue: cross-site scripting (XSS). They discuss the different JavaScript execution contexts, dataflow concepts for identifying the issues, and protection mechanisms. Following that, the course covers the clickjacking vulnerability and its mitigation methods. The last lesson focuses on managing dependencies in client-side and server-side applications and on tools for identifying vulnerabilities in third-party JavaScript libraries.

Course Themes

  • JavaScript language specifics
  • Browser security controls
  • JavaScript execution contexts
  • Common vulnerabilities and mitigation techniques
  • JavaScript code analysis

Learning Objectives

By the end of this content, students will be able to: 
  • Navigate JavaScript language specifics, like comparisons and scoping, that may cause security issues
  • Identify JavaScript execution contexts
  • Perform manual dataflow analysis with the knowledge of JavaScript sources and sinks 
  • Find common XSS issues in JavaScript code and select the best protection method for each case
  • Apply several mitigation techniques against clickjacking vulnerabilities
  • Compare different tools for managing third-party dependencies 

Details

Delivery Format: eLearning

Duration: 70 minutes

Intended Audience:

  • JavaScript developers who have 1-2 years of experience but limited knowledge of security practices in JavaScript.

Prerequisites: 
