Learning Path

JavaScript Security

    Syllabus

  • Authentication Course — 00:49:42
    • K0004, K0007, K0016, K0068, K0140, K0236, K0325, K0336, K0372, K0396, K0398, K0487, K0561, S0060, S0172, S0213

      This course explores web authentication and best practices.

  • Web developer desktop security Course — 00:10:43
    • K0004, K0016, K0068, K0105, K0140, K0236, K0325, K0349, K0372, K0396, K0398, K0444, K0624, S0060, S0172, S0213

      A look at common web developer desktop security issues.

  • Serverless JavaScript Course — 01:05:04
    • K0004, K0016, K0068, K0077, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0143, S0153, S0172, S0213

      Exploring serverless JavaScript.

  • Ecosystem modules (npm) and supply chain Course — 01:03:21
    • K0004, K0016, K0068, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0172, S0213

      A look at npm and npm packages.

  • Prototype pollution Course — 00:34:44
    • K0004, K0005, K0016, K0068, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0172, S0213

      This course explores prototype pollution in JavaScript.

  • Regular expressions Course — 00:34:23
    • K0004, K0016, K0023, K0068, K0070, K0140, K0236, K0325, K0372, K0396, K0398, S0013, S0037, S0060, S0172, S0213, S0285

      A look at regular expressions and how to handle them.

  • CSRF and browser security Course — 00:37:16
    • K0004, K0016, K0061, K0068, K0070, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0172, S0213

      An exploration of cross-site request forgery, or CSRF.

  • XSS and JavaScript remote code executions Course — 01:33:53
    • K0004, K0016, K0068, K0140, K0236, K0325, K0372, K0396, K0398, K0061, K0070, S0060, S0172, S0213

      This course explores cross-site scripting (XSS) in JavaScript.

  • Secure JavaScript Programming overview Course — 00:53:55
    • K0004, K0016, K0068, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0172, S0213

      An exploration of Java and its runtime environments.

  • JavaScript Security Project Course — 00:09:59
    • K0004, K0016, K0068, K0140, K0236, K0325, K0372, K0396, K0398, S0060, S0172, S0213

      Test your JavaScript knowledge with these challenges!

  • Secure Coding – JavaScript Lab — 00:30:00
    • This lab covers multiple secure coding errors commonly found in JavaScript, including DOM rewrites and the use of the eval() statement.

  • JavaScript Security Skill Assessment Assessment — 00:27:00

Syllabus

What you will learn

This learning path will help you understand the diverse threats and protections of the JavaScript world. We will start by covering the basics, as misunderstanding them often leads developers to write less safe code. Then, we will discuss authentication, XSS and CSRF. We will also spend a bit of time understanding regular expressions through the prism of security. We will also cover serverless security and what a JavaScript developer should do to keep their own desktop machine safe while using development tools.

Wistia video thumbnail

Meet the author

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. lnfosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every lnfosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

You're in good company

AH

My instructor knew his stuff! His ability to explain heavy concepts in a (quickly) digestible manner is the only reason I am certified today!

Aaron Hahn

AK

The instructor was very well versed in the material presented during the course and delivered it in an effective manner. The training environment was conducive to learning. The material provided for this course was adequate for accomplishing course objectives.

Abram Kauk

AW

The whole experience was great. Very well done. Great lecturing, examples/stories and knowledge of the material.

Adam Wojcicki