JavaScript Security - Hacktory

JavaScript Security

This course came out of real penetration testing practice. Boost your secure programming skills and produce reliable web applications based on JavaScript.

  • 8 lessons
  • 17 practice assignments

About the course

This course is about JavaScript web vulnerabilities. It is meant for ReactJS front-end developers and NodeJS back-end developers.

To your advantage:

  • Face real cybersecurity challenges. Hone your skills solving real cases and choose when to learn new material and complete assignments
  • Deal with two-way cybersecurity. Practice both offensive and defensive security
  • Use killer tools. Learn to work with the key automated tools for vulnerability search

You will learn

  • Preventing disclosure of confidential data
  • Disabling sourcemap to prevent attackers from finding bugs in the source code
  • Validating user input if dangerouslySetInnerHTML is enabled and getting rid of malicious data to prevent XSS
  • Checking GET URLs for tokens to prevent privilege escalation, and checking that the ReactJS build does not have admin routes

The only course that includes practice assignments with ReactJS

  • Open Redirect is a vulnerability that enables successful phishing attacks
  • SourceMap is a widespread error: developers forget to disable the output of source code in prod versions
  • dangerouslySetInnerHTML is an insecure function of ReactJS that allows injecting JS code without proper processing of user input
  • Admin routes: open admin panel routes on the client side allow attackers to gather information about the app's features and discover new attack vectors
  • Client Auth bypass: bypass of authorization on the client side. It may lead to the disclosure of sensitive information
  • Token in URL: attackers may intercept authorization tokens saved in the URL and passed in GET requests to elevate their privileges


1. Introduction and useful tools
2. Cross-Site Scripting (Cookie) 
3. Cross-Site Scripting (CSRF, CSP)
4. Cross-Site Request Forgery (CSRF)
5. Authentication Bypass
6. Server-Side Template Injection (SSTI)
7. ReactJS vulnerabilities
8. Prototype Pollution

Are you a genius programmer?

Prove it! Start your cybersecurity education for free and make your coding more secure

Who can benefit?

  • JS front-end developers
  • ReactJS front-end developers
  • NodeJS back-end developers
  • Anyone who is interested in JavaScript

Platform advantages

  • Gamified learning process
  • Practical tasks based on real cases
  • Virtual assistants
  • Software-independent environment

Add key items to your CV after the course

  • Understanding of the OWASP TOP-10 vulnerabilities
  • Secure JavaScript development
  • Understanding of cybersecurity tools and techniques
  • Source code audit
  • Security incident prevention
  • Creative problem-solving in cybersecurity
  • Professional certification

We offer 3 different packages

Free trial

  • Two lessons
  • Tests
  • Two daily labs (session up to 3 hours)
  • Exam
  • Certificate
  • More hints
  • More hackcoins


  • All theory lessons
  • Unlimited daily labs (session up to 6 hours)
  • Two 30-min practice assignments
  • Exam
  • Certificate
  • More hints
  • More hackcoins
Buy now premium
15 days 108 USD
60 days 160 USD
90 days 235 USD

Make the first step towards secure JS apps!

Improve the quality and reliability of JavaScript development
