Book Image

JavaScript Security

By : Eugene Liang
Book Image

JavaScript Security

By: Eugene Liang

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
JavaScript Security
Eugene Liang
Nov, 2014 | 112 pages
No titles found
Table of Contents (13 chapters)
JavaScript Security
JavaScript Security
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
JavaScript and the Web
JavaScript and the Web
JavaScript and your HTML/CSS elements
JavaScript beyond the client
JavaScript security issues
Summary
2
Secure Ajax RESTful APIs
Secure Ajax RESTful APIs
Building a RESTful server
Basic defense against similar attacks
Summary
3
Cross-site Scripting
Cross-site Scripting
What is cross-site scripting?
Examples of cross-site scripting
Defending against cross-site scripting
Summary
4
Cross-site Request Forgery
Cross-site Request Forgery
Introducing cross-site request forgery
Other examples of CSRF
Other forms of protection
Summary
5
Misplaced Trust in the Client
Misplaced Trust in the Client
When trust gets misplaced
Summary
6
JavaScript Phishing
JavaScript Phishing
What is JavaScript phishing?
Examples of JavaScript phishing
Defending against JavaScript phishing
Summary
Index
Index

Defending against JavaScript phishing

While there are no foolproof ways to defend against JavaScript phishing, there are some basic strategies that we can adopt to avoid phishing.

Upgrading to latest versions of web browsers

Newer versions of web browsers typically contain upgrades or security fixes. To upgrade to newer versions of the particular web browsers you are using, you can simply visit the main website of the browser vendor. For instance, if you are using Google Chrome, you can visit https://www.google.com/chrome/browser/, while you can visit https://www.mozilla.org/en-US/firefox/new/ for Mozilla Firefox.

Some of the more notable ones include the removal of support to access a browser's history either via window.history or by accessing the user's local state: $("a:visited").

Recognizing real web pages

From the aforementioned types of phishing, you might have noticed that one common strategy used by phishing sites is the use of fake websites. Should you recognize a fake website, you can...

Previous Section
End of Section 4
Next Section