From the course: Foundational JavaScript Security
Unlock the full course today
Join today to access over 23,500 courses taught by industry experts.
Injection threat - JavaScript Tutorial
From the course: Foundational JavaScript Security
Injection threat
- [Instructor] Over this chapter, we're going to go through the list of a few of the top security threats as listed by the OWASP organization. If you'd like more details about the most current security issues, solutions, and code snippets, visit owasp.org for more information. There are many injection attacks, such as SQL injection and JavaScript injections, and are one of the most common security issue in this category, and is referred to us cross site scripting attacks, or XSS. This attack is basically when malicious code is executed inside of a user input. The danger in this threat is automated code that goes through your public pages and sends code that executes once the form is submitted. Many frameworks such as React and Angular have means to escape the bad code. And it submits the input as a string, but not all frameworks are made equal. So let me show you an example here. And you can go to this page by going to…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
(Locked)
Injection threat2m 21s
-
(Locked)
Broken authentication1m 57s
-
(Locked)
Sensitive data1m 5s
-
(Locked)
XML external entities1m 10s
-
(Locked)
Security misconfiguration1m 28s
-
(Locked)
Insecure deserialization1m 17s
-
(Locked)
Components with known vulnerabilities1m 2s
-
(Locked)
Insufficient logging and monitoring1m 37s
-
(Locked)
Challenge: What is the best resource for top threats?25s
-
(Locked)
Solution: What is the best resource for top threats?39s
-
(Locked)
-
-