Franklin

JavaScript security : learn JavaScript security to make your web applications more secure / Y. E. Liang.

Author/Creator:
Liang, Y. E., author.
Edition:
1st edition
Publication:
Birmingham, England : Packt Publishing, 2014.
Series:
Community experience distilled.
Format/Description:
Book
1 online resource (112 p.)
Subjects:
JavaScript (Computer program language).
Internet programming.
Web site development.
Form/Genre:
Electronic books.
Language:
English
System Details:
text file
Summary:
This book is for JavaScript developers having basic web development knowledge and also for those who want to explore the security issues that arise from the use of JavaScript. Prior knowledge of how JavaScript is used, such as for DOM manipulation or to perform Ajax operations, is assumed.
Contents:
Cover; Copyright; Credits; About the Author; About the Reviewers; www.PacktPub.com; Table of Contents; Preface; Chapter 1: JavaScript and the Web; JavaScript and your HTML/CSS; jQuery effects; Hide/Show; Toggle; Animation; Chaining; jQuery Ajax; jQuery GET; jQuery getJSON; jQuery POST; JavaScript beyond the client; JavaScript on the server side; Full-stack JavaScript; JavaScript security issues; Cross-site request forgery; Cross-site scripting; Summary; Chapter 2: Secure Ajax RESTful APIs; Building a RESTful server; A simple RESTful server in Node.js and Express.js
Frontend code for the to-do list app on top of ExpressJS; Cross-origin injection; Injecting JavaScript code; Guessing the API endpoints; Basic defense against similar attacks; Summary; Chapter 3: Cross-site Scripting; What is cross-site scripting?; Persistent cross-site scripting; Nonpersistent cross-site scripting; Examples of cross-site scripting; A simple to-do app using Tornado/Python; Coding up server.py; Cross-site scripting example 1; Cross-site scripting example 2; Cross-site scripting example 3; Defending against cross-site scripting; Do not trust users - parsing input by users
Summary; Chapter 4: Cross-site Request Forgery; Introducing cross-site request forgery; Examples of CSRF; Basic defense against CSRF attacks; Other examples of CSRF; CSRF using the tags; Other forms of protection; Creating your own app ID and app secret - OAuth-styled; Checking the Origin header; Limiting the lifetime of the token; Summary; Chapter 5: Misplaced Trust in the Client; When trust gets misplaced; A simple example; Building the server side - mistrust.py; The templates; To trust or not to trust; Manipulating the JavaScript code; Dealing with mistrust; Summary
Chapter 6: JavaScript Phishing; What is JavaScript phishing?; Examples of JavaScript phishing; Classic examples; Accessing user history by accessing local state; XSS and CSRF; Intercepting events; Defending against JavaScript phishing; Upgrading to latest versions of web browsers; Recognizing real web pages; Protecting your site against XSS and CSRF; Avoid using pop ups and keep your address bars; Summary; Index
Notes:
Includes index.
Description based on online resource; title from PDF title page (ebrary, viewed December 16, 2014).
ISBN:
1-78398-801-0