This course presents an overview of quirks and features that make JavaScript such a flexible, powerful, and popular language. The course does not focus specifically on client-side or server-side JavaScript, but instead gives an overview of security features built into the JavaScript language itself, as well as security features provided by the browsers and utilized by JavaScript web applications.
The main sections of the course offer a deep dive into the most common, most severe, and oldest JavaScript security issue: cross-site scripting (XSS). It examines different JavaScript execution contexts, dataflow concepts for identifying the issues, and protection mechanisms. It also covers the clickjacking vulnerability and mitigation methods. The last lesson focuses on managing dependencies in client-side and server-side applications and tools for identifying vulnerabilities in third-party JavaScript libraries.
Delivery Format: eLearning
Duration: 1 1/4 hours
Level: Intermediate
Intended Audience
Prerequisites