JavaScript Security: learn JavaScript security to make your web applications more secure

This book is for JavaScript developers with basic web development knowledge, and for anyone who wants to explore the security issues that arise from the use of JavaScript. Prior knowledge of how JavaScript is used, such as for DOM manipulation or to perform Ajax operations, is assumed.

Bibliographic Details
Other Authors: Liang, Y. E. (author)
Format: E-book
Language: English
Published: Birmingham, England: Packt Publishing, 2014.
Edition: 1st edition
Series: Community experience distilled.
View in Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628601906719
Table of Contents:
  • Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface
  • Chapter 1: JavaScript and the Web; JavaScript and your HTML/CSS; jQuery effects; Hide/Show; Toggle; Animation; Chaining; jQuery Ajax; jQuery GET; jQuery getJSON; jQuery POST; JavaScript beyond the client; JavaScript on the server side; Full-stack JavaScript; JavaScript security issues; Cross-site request forgery; Cross-site scripting; Summary
  • Chapter 2: Secure Ajax RESTful APIs; Building a RESTful server; A simple RESTful server in Node.js and Express.js; Frontend code for the to-do list app on top of ExpressJS; Cross-origin injection; Injecting JavaScript code; Guessing the API endpoints; Basic defense against similar attacks; Summary
  • Chapter 3: Cross-site Scripting; What is cross-site scripting?; Persistent cross-site scripting; Nonpersistent cross-site scripting; Examples of cross-site scripting; A simple to-do app using Tornado/Python; Coding up server.py; Cross-site scripting example 1; Cross-site scripting example 2; Cross-site scripting example 3; Defending against cross-site scripting; Do not trust users - parsing input by users; Summary
  • Chapter 4: Cross-site Request Forgery; Introducing cross-site request forgery; Examples of CSRF; Basic defense against CSRF attacks; Other examples of CSRF; CSRF using the tags; Other forms of protection; Creating your own app ID and app secret - OAuth-styled; Checking the Origin header; Limiting the lifetime of the token; Summary
  • Chapter 5: Misplaced Trust in the Client; When trust gets misplaced; A simple example; Building the server side - mistrust.py; The templates; To trust or not to trust; Manipulating the JavaScript code; Dealing with mistrust; Summary
  • Chapter 6: JavaScript Phishing; What is JavaScript phishing?; Examples of JavaScript phishing; Classic examples; Accessing user history by accessing local state; XSS and CSRF; Intercepting events; Defending against JavaScript phishing; Upgrading to latest versions of web browsers; Recognizing real web pages; Protecting your site against XSS and CSRF; Avoid using pop-ups and keep your address bars; Summary
  • Index