JavaScript Security - Hacktory
test

JavaScript Security

This course came out of real penetration testing practice. Boost your secure programming skills and produce reliable web applications based on JavaScript.

  • 8 lessons
  • 17 practice assignments
See prices Try for free

About the course

This course is about JavaScript web vulnerabilities. It is meant for ReactJS front-end developers and NodeJS back-end developers.

To your advantage:

  • Face real cybersecurity challenges. Hone your skills solving real cases and choose when to learn new material and complete assignments
  • Deal with two-way cybersecurity. Practice both offensive and defensive security
  • Use killer tools. Learn to work with the key automated tools for vulnerability search

You will learn

  • Preventing disclosure of confidential data
  • Disabling sourcemap to prevent attackers from finding bugs in the source code
  • Validating user input if dangerouslySetInnerHTML is enabled and getting rid of malicious data to prevent XSS
  • Checking GET URL for tokens to prevent privilege escalation and that ReactJS Build does not have admin routes

The only course that includes practice assignments with ReactJS

  • Open Redirect is a vulnerability that enables successful phishing attacks
  • SourceMap is a widespread error: developers forget to disable the output of source code in prod versions
  • dangerouslySetInnerHTML is an insecure function of ReactJS that allows
  • dangerouslySetInnerHTML is an insecure function of ReactJS that allows injecting JS code without proper processing of user input
  • Admin routes: open admin panel routes on the client side allow attackers gather information about the app's features and discover new attack vectors
  • Client Auth bypass: bypass of authorization on the client side. It may lead to the disclosure of sensitive information
  • Token in URL: attackers may intercept authorization tokens saved in URL and passed in GET requests to elevate their privileges

Lessons

1. Introduction and useful tools
2. Cross-Site Scripting (Cookie) 
3. Cross-Site Scripting (CSRF, CSP)
4. Cross-Site Request Forgery (CSRF)
5. Authentication Bypass
6. Server-Side Template Injection (SSTI)
7. ReactJS vulnerabilities
8. Prototype Pollution

Are you a genius programmer?

Prove it! Start your cybersecurity education for free and make your coding more secure
Try for free

Who can benefit?

  • JS front-end developers
  • ReactJS front-end developers
  • NodeJS back-end developers
  • Anyone who is interested in JavaScript

Platform advantages

  • Gamified learning process
  • Practical tasks based on real cases
  • Virtual assistants
  • Software – independent environment

Add key items to your CV after the course

Position
Developer
Skills
  • Understanding of the OWASP TOP-10 vulnerabilities
  • Secure JavaScript development
  • Understanding of cybersecurity tools and techniques
  • Source code audit
  • Security incident prevention
  • Creative problem-solving in cybersecurity
  • Professional certification

We offer 3 different packages

Free trial

  • Two lessons
  • Tests
  • Two daily labs (session up to 3 hours)
  • Exam
  • Certificate
  • More hints
  • More hackcoins
Start free trial

Premium

  • All theory lessons
  • Unlimited daily labs (session up to 6 hours)
  • Two 30-min practice assignments
  • Exam
  • Certificate
  • More hints
  • More hackcoins
90days
235USD
  • 90days
    235USD
  • 60days
    160USD
  • 30days
    108USD
Get premium!
30 days 108 USD
Get premium!
60 days 160 USD
Get premium!
90 days 235 USD
Get premium!

Make the first step towards secure JS apps!

Improve the quality and reliability of JavaScript development

Try for free