JavaScript Security

JavaScript, also referred to as ECMAScript, is now everywhere and can't be avoided. In this learning path, we will go through diverse JavaScript-related attacks and learn how to build safer JavaScript applications. Most of this learning path will cover front-end JavaScript; however, we will also consider Node.js in certain parts of the learning paths.

9 courses  //   30 videos  //   7 hours of training

Learn about the diverse threats and protections of JavaScript

This learning path will help you understand the diverse threats and protections of the JavaScript world. We will start by covering the basics, as misunderstanding them often leads developers to write less safe code. Then, we will discuss authentication, XSS and CSRF. We will also spend a bit of time understanding regular expressions through the prism of security. We will also cover serverless security and what a JavaScript developer should do to keep their own desktop machine safe while using development tools.

Learning path components

JavaScript Security Skill Assessment
Assessment
JavaScript Security Skill Assessment

JavaScript Security Skill Assessment

See how your JavaScript security skills stack up against other professionals in your field.

Number of questions: 20

JavaScript Security Project
Practice Exam
JavaScript Security Project

JavaScript Security Project

Test your JavaScript knowledge with these challenges! In the first four challenges you will find vulnerabilities and exploit them. In the next five challenges, you will fix the vulnerabilities.

Number of questions: 9

Secure JavaScript Programming Overview
Course
Secure JavaScript Programming Overview

Secure JavaScript Programming Overview

An exploration of JavaScript and its runtime environments

4 videos
54 minutes of training

Authentication – JavaScript Security
Course
Authentication – JavaScript Security

Authentication – JavaScript Security

This course explores web authentication and best practices.

3 videos
49 minutes of training

XSS and JavaScript Remote Code Executions
Course
XSS and JavaScript Remote Code Executions

XSS and JavaScript Remote Code Executions

This course explores cross-site scripting (XSS) in JavaScript.

7 videos
94 minutes of training

CSRF and Browser Security
Course
CSRF and Browser Security

CSRF and Browser Security

An exploration of cross-site request forgery, or CSRF

3 videos
38 minutes of training

Regular Expressions
Course
Regular Expressions

Regular Expressions

A look at regular expressions and how to handle them

2 videos
34 minutes of training

Prototype Pollution – JavaScript Security
Course
Prototype Pollution – JavaScript Security

Prototype Pollution – JavaScript Security

This course explores prototype pollution in JavaScript.

2 videos
35 minutes of training

Ecosystem Modules (npm) and Supply Chain – JavaScript Security
Course
Ecosystem Modules (npm) and Supply Chain – JavaScript Security

Ecosystem Modules (npm) and Supply Chain – JavaScript Security

A look at npm and npm packages

4 videos
64 minutes of training

Serverless JavaScript
Course
Serverless JavaScript

Serverless JavaScript

Exploring serverless JavaScript

4 videos
64 minutes of training

Web Developer Desktop Security
Course
Web Developer Desktop Security

Web Developer Desktop Security

A look at common web developer desktop security issues

1 video
11 minutes of training

 

What you’ll learn.

  • Web application security principles and their implication in actual JavaScript codebases
  • The security model of browser applications
  • The impact of security headers and modern XSS mitigation techniques (including trusted types)
  • The basis of Node.js security
  • How to set up a serverless JavaScript project and implement best security practices
  • Common attacks against modern websites (including clickjacking attacks)

Who is this for?

  • Senior JavaScript engineers who need refreshers and level-ups on security
  • Experienced web developers looking up to grow their skills and write safer code
  • Web architects who want to understand the newest protection methods against web application attacks
  • Security engineers who want to understand the security model of JavaScript applications
  • Engineers planning to use or using serverless technologies with JavaScript

 

Meet the author

Vladimir de Turckheim

Vladimir works as a software engineer at Sqreen where he builds a tool to secure web applications. Previously, he was a professional security auditor and a web developer in agencies. He is one of the most active members of the Node.js Security Working Group where he handles the security of Node.js and its ecosystem

Vladimir is an official Node.js collaborator and his contributions mostly focus in the domain of security and monitoring. He also often gives talks and training to software engineers to teach them about application security.

Plans & pricing

Personal
Teams

Infosec Skills subscription

Monthly
Annually
  • 140+ role-based learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support
  • Create custom learning paths from 100s of courses

Live boot camp

Request a quote for pricing

 

Request Quote Browse Boot Camps
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Live, instructor-led training (in-person or live online)
  • 90 day extended access to recordings of daily lessons
  • Certification exam voucher
  • Learn by doing with hundreds of additional hands-on courses and labs

Infosec Skills Teams subscription

Annual

$599 per learner / year

Request Team Quote Free Team Trial
  • Team administration and reporting
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 140+ role-based learning paths (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Skill assessments
  • Create and assign custom learning paths
  • Dedicated client success manager

Live team boot camp

Request a quote for pricing

 

Request Team Quote Browse Boot Camps
  • Team boot camp administration and reporting
  • Exam Pass Guarantee
    If you don’t pass your exam on the first attempt, you'll get a second attempt for free. Includes the ability to re-sit the course for free for up to one year.
  • 100% Satisfaction Guarantee
    If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.
  • Knowledge Transfer Guarantee
    If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
  • Certification exam vouchers
  • Live, instructor-led training (onsite, in-person or live online)
  • 90 days extended access to recordings of daily lessons
  • Build your team's skills with hundreds of additional hands-on courses and labs

Award-winning training that you can trust

Technical Skills Development, Online Course Providers & eLearning Content

Technical Skills Development, Online Course Providers & eLearning Content

Infosec Skills

eLearning Content

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Ranked #52 in Top 100 Global Software Sellers

Infosec

Exceptional learning experiences powered by LX Labs cyber expertise

Infosec Skills courses and labs are powered by LX Labs — our elite team of cyber SMEs, learning specialists and community of top-ranked security instructors, published authors and sought-after industry leaders. We rigorously vet all Infosec Skills training resources to guarantee they meet certification and compliance requirements and align with recognized guidelines like the NICE Workforce Framework for Cybersecurity.

LX Labs