Writing Secure JavaScript Code - Avoiding Vulnerabilities and Attacks
Offered By: Mozilla Hacks via YouTube
Course Description
Overview
Learn essential techniques for writing secure JavaScript code in this 32-minute conference talk from View Source 2017. Explore the strengths of JavaScript, understand common vulnerabilities, and dive into topics such as regular expressions, the event loop, and catastrophic backtracking. Discover how to prevent attacks through input manipulation, JSON handling, and type manipulation. Examine real-world examples, including the DustJS vulnerability, and gain practical insights on securing web applications. Conclude with key takeaways on library vulnerabilities, utilizing tools like Microsoft Sonar and Lighthouse, and the importance of regular upgrades for maintaining code security.
Syllabus
Introduction
What makes JavaScript great
MS Vulnerability
Regular Expressions
The Event Loop
Catastrophic Backtracking
Redose
Attack Manipulation
JSON as Input
Type Manipulation
DustJS
About Page
Playing with About Page
Wrapping Up
Takeaways
Libraries have bugs
Microsoft Sonar and Lighthouse
Upgrade
Taught by
Mozilla Hacks
Related Courses
Design of Computer ProgramsStanford University via Udacity Programming Languages
University of Virginia via Udacity Data Structures and Performance
University of California, San Diego via Coursera Introducción a Data Science: Programación Estadística con R
Universidad Nacional Autónoma de México via Coursera Applied Text Mining in Python
University of Michigan via Coursera