From the course: Foundational JavaScript Security
Unlock the full course today
Join today to access over 23,200 courses taught by industry experts.
Security misconfiguration - JavaScript Tutorial
From the course: Foundational JavaScript Security
Security misconfiguration
- [Instructor] Security misconfiguration usually occurs from a lack of proper settings in your application or exposed information from the server side. And they happen typically when a developer publishes the development version of the server. This could open all kinds of settings for hackers to exploit. And also hinder the performance of your application. It also happens when somebody leaves debugging on or even worse, console log sensitive data in the client. From time to time, I test application in sites I use often. And sometimes it's very easy to manipulate the data with a few scripts in the console. But be wary of this issue. Another one is, users default logins and passwords. Example, admin login with an admin password. This happens a lot in the world of bloggers, or many sites from templates, always use complex passwords. And sometimes you can use a tool like one password for that. Also wide open folder or code access…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Contents
-
-
-
-
-
(Locked)
Injection threat2m 21s
-
(Locked)
Broken authentication1m 57s
-
(Locked)
Sensitive data1m 5s
-
(Locked)
XML external entities1m 10s
-
(Locked)
Security misconfiguration1m 28s
-
(Locked)
Insecure deserialization1m 17s
-
(Locked)
Components with known vulnerabilities1m 2s
-
(Locked)
Insufficient logging and monitoring1m 37s
-
(Locked)
Challenge: What is the best resource for top threats?25s
-
(Locked)
Solution: What is the best resource for top threats?39s
-
(Locked)
-
-