JavaScript Security: Best Practices

Focused View

Marcin Hoppe

1:31:42

17 View

1. Course Overview

01. Course Overview.mp4

01:35

2. Understanding JavaScript Security

01. Introduction.mp4

03:29

02. How Browser Execute JavaScript Code.mp4

02:02

03. How Node.js Executes JavaScript Code.mp4

01:02

04. JavaScript Security Pitfalls.mp4

01:50

05. Sample Application.mp4

01:56

06. Code Walkthrough.mp4

02:55

07. Loose Comparison Vulnerability.mp4

02:49

08. Exploiting the Vulnerability.mp4

02:39

09. Fixing the Code.mp4

02:26

10. Summary.mp4

00:46

3. Preventing Code Injection Attacks

01. Overview.mp4

02:31

02. Dynamic Code Execution.mp4

02:21

03. Unsafe Functions.mp4

02:50

04. Finding Unsafe Code.mp4

03:23

05. Exploiting the Vulnerability.mp4

02:48

06. Impact of Code Injection Attacks.mp4

02:55

07. Fixing the Code.mp4

03:04

08. Unsafe Code in Third-party Libraries.mp4

02:23

09. Summary.mp4

01:05

4. Defending against Prototype Pollution

01. Overview.mp4

02:27

02. Understanding Prototypes.mp4

03:27

03. Polluting the Object Prototype.mp4

02:43

04. Finding Prototype Pollution in the Code.mp4

03:42

05. Exploiting the Vulnerability.mp4

04:38

06. Fixing the Code.mp4

03:24

07. Introducing Prototype Pollution through 3rd Party Libraries.mp4

02:49

08. Summary.mp4

01:08

5. Testing Your Code

01. Overview.mp4

03:27

02. Security Testing Techniques.mp4

03:24

03. Finding Unsafe Code Using ESLint.mp4

03:50

04. Detecting Prototype Pollution with Unit Tests.mp4

04:32

05. Popular Security Testing Tools for JavaScript.mp4

04:04

06. Summary.mp4

01:18

Description

Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.

What You'll Learn?

Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

JavaScript

Marcin Hoppe

Instructor's Courses

Marcin Hoppe is a principal engineer on the Auth0 Platform Security team at Okta. He is passionate about building secure applications and promoting security best practices in the software development community. Marcin’s experience covers software engineering and various areas of information security, such as identity and access management, application and cloud infrastructure security, zero-trust architectures, cryptography, and privacy.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.