JavaScript Security: Best Practices

by Marcin Hoppe

Learn how to write more secure JavaScript code. This course will teach you how to find, fix, and prevent vulnerabilities caused by unique JavaScript issues such as prototype pollution, dynamic typing bugs, and code injection attacks.

What you'll learn

Complex Web applications contain a lot of JavaScript code. Security of those applications depends on how robust this code is. In this course, JavaScript Security: Best Practices, you’ll learn how to improve the security of your JavaScript code. First, you’ll explore how exploiting the dynamic type system may lead to information disclosure vulnerabilities. Next, you’ll discover how JavaScript dynamic code execution functions can allow attackers to run arbitrary code within your application. Finally, you’ll learn how abusing prototypal inheritance may change the behavior of your application in unexpected ways. When you’re finished with this course, you’ll have the skills and knowledge of JavaScript security best practices needed to protect your web applications against attackers.

About the author

Marcin Hoppe is a senior engineering manager on the Product Security team at Auth0, an identity platform for application builders. He is passionate about building secure Node.js applications and promoting security best practices in the JavaScript community. Marcin is also a member of the Node.js Ecosystem Security Working Group under the OpenJS Foundation where his work is focused on running the bug bounty program for third-party Node.js packages. Currently Marcin is heavily involved in efforts ... more

Ready to upskill? Get started