JavaScript: Security Essentials (2019)
45mIntermediate2019-01-18
Authors

Emmanuel Henri
Executive with 20+ years of experience in programming and design
Course details
Web security guidelines are useful. Penetration testing finds weak points in code and infrastructure. Somewhere in the middle, though, developers need to create resilient code. In this course, Emmanuel Henri equips JavaScript developers with the basic knowledge and techniques they need to keep their JavaScript applications secure. Discover how to approach the challenges of cross-side scripting, cross-site forgery, server-side injection, and obfuscation, as well as how to best approach sensitive data risks. Throughout the course, Emmanuel shows what these threats actually look like in code, demonstrates syntax corrections you can make to fix these issues, and shares best practices for dealing with key threats.
Learning objectives
Key threats to be aware of as a JavaScript developer
Risks posed by cross-site scripting
Best practices for dealing with cross-site forgery threats
Dealing with sensitive data risks
Preventing server-side injection
Preventing obfuscation
Learning objectives
Key threats to be aware of as a JavaScript developer
Risks posed by cross-site scripting
Best practices for dealing with cross-site forgery threats
Dealing with sensitive data risks
Preventing server-side injection
Preventing obfuscation
Skills covered
Software Development SecurityJavaScriptOracleCybersecurityProgramming LanguagesSoftware DevelopmentDeep Dive (X:Y)
Concepts
0. Introduction
- 01 - Build effective and secure JavaScript applications
- 02 - What you should know
1. Overview of Security Concepts
- 03 - Overview of the most common threats
- 04 - List of available resources
- 05 - Overview of this course's approach
2. Security Applied - XSS
- 06 - What is cross-site scripting (XSS)
- 07 - Example of XSS in code
- 08 - Final syntax applied XSS
- 09 - Best practices for XSS threats
3. Security Applied - CSRF
- 10 - What is cross-site request forgery (CSRF)
- 11 - Overview of JSON Web Token (JWT)
- 12 - Overview of Auth0
- 13 - Best practices for CSRF threats
4. Security Applied - Sensitive Data
- 14 - What are sensitive data risks
- 15 - Overview of the encryption
- 16 - List of the crypto libraries
- 17 - Best practices for sensitive data
5. Security Applied - SSJI
- 18 - What is server-side JavaScript injection (SSJI)
- 19 - Example of SSJI code
- 20 - How to prevent SSJI
6. Security Applied - Obfuscation
- 21 - What is obfuscation
- 22 - Tools for scrambling your data
- 23 - Best practices for scrambling data
Conclusion
- 24 - Next steps