Book Image

JavaScript Security

By : Eugene Liang
Book Image

JavaScript Security

By: Eugene Liang

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
JavaScript Security
Eugene Liang
Nov, 2014 | 112 pages
No titles found
Table of Contents (13 chapters)
JavaScript Security
JavaScript Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
JavaScript and the Web
JavaScript and the Web
JavaScript and your HTML/CSS elements
JavaScript beyond the client
JavaScript security issues
Summary
2
Secure Ajax RESTful APIs
Secure Ajax RESTful APIs
Building a RESTful server
Basic defense against similar attacks
Summary
3
Cross-site Scripting
Cross-site Scripting
What is cross-site scripting?
Examples of cross-site scripting
Defending against cross-site scripting
Summary
4
Cross-site Request Forgery
Cross-site Request Forgery
Introducing cross-site request forgery
Other examples of CSRF
Other forms of protection
Summary
5
Misplaced Trust in the Client
Misplaced Trust in the Client
When trust gets misplaced
Summary
6
JavaScript Phishing
JavaScript Phishing
What is JavaScript phishing?
Examples of JavaScript phishing
Defending against JavaScript phishing
Summary
Index
Index

When trust gets misplaced

In general, while we try our best to write secure JavaScript code, we must recognize that the JavaScript code that we write will eventually be sent to a browser. With the existence of XSS/CSRF, code on the browser can be manipulated fairly easily, as you saw in the previous chapter.

We will start off with a simple application, where we attempt to create a user, similar to many of the apps we are familiar with, albeit a more simplified one.

We will walk through the creation of the app, use it, and then utilize it again under modified circumstances where the trust actually gets misplaced.

A simple example

This example is based on Tornado/Python. You can easily recreate this example using Express.js/Node.js. The important things to note here are the issues happening on the client side.

What we are going to code in this section is a simple user creation form, which sends the values to the backend/server side. On the client side, we are going to use JavaScript to prevent...

Previous Section
End of Section 2
Next Section