JavaScript Security

Book Description

Learn JavaScript security to make your web applications more secure

About This Book

• Understand the JavaScript security issues that are a result of both the frontend and the backend of a web app
• Learn to implement Security techniques to avoid cross site forgery and various JavaScript vulnerabilities.
• Secure your JavaScript environment from the ground up, with step-by-step instructions covering all major ways to tackle Security issues

Who This Book Is For

This book is for JavaScript developers having basic web development knowledge and also for those who want to explore the security issues that arise from the use of JavaScript. Prior knowledge of how JavaScript is used, such as for DOM manipulation or to perform Ajax operations, is assumed.

In Detail

This book starts off with an introduction to JavaScript security and gives you an overview of the basic functions JavaScript can perform on the Web, both on the client side and the server side. It demonstrates a couple of ways in which RESTful APIs can be laden with security flaws. You will also create a simple RESTful server using Express.js and Node.js. You will then focus on one of the most common JavaScript security attacks, cross-site scripting, and how to prevent cross-site scripting and cross-site forgery.

Last but not least, the book covers JavaScript phishing, how it works, and ways to counter it.

By the end of this book, you will be able to identify various risks of JavaScript and how to prevent them.

Table of Contents

Chapter 1: JavaScript and the Web
Chapter 2: Secure Ajax RESTful APIs
Chapter 3: Cross-site Scripting
Chapter 4: Cross-site Request Forgery
Chapter 5: Misplaced Trust in the Client
Chapter 6: JavaScript Phishing

中文：

书名：Java脚本安全

学习JavaScript安全性，使您的Web应用程序更加安全

关于本书

• 了解Web应用程序的前端和后端都会产生的JavaScript安全问题
• 学习实现安全技术，以避免跨站点伪造和各种JavaScript漏洞。
• 通过涵盖解决安全问题的所有主要方法的逐步说明，从头开始保护您的JavaScript环境

这本书是为谁写的

本书面向具有基本Web开发知识的Java开发人员，也面向那些想要探索由于使用Java而引起的安全问题的人。假设您事先了解如何使用JavaScript，例如用于DOM操作或执行AJAX操作。

详细地说

本书首先介绍了JavaScript安全性，并概述了可以在Web上执行的基本功能，包括客户端和服务器端。它演示了RESTful API可能存在安全缺陷的几种方式。您还将使用Express.js和Node.js创建一个简单的RESTful服务器。然后，您将重点介绍最常见的一种JavaScript安全攻击–跨站点脚本，以及如何防止跨站点脚本和跨站点伪造。

最后但并非最不重要的一点是，这本书介绍了JavaScript网络钓鱼、它的工作原理以及反钓鱼的方法。

在本书结束时，您将能够识别出JavaScript的各种风险以及如何预防它们。

目录表

第1章：JavaScript和Web
第2章：安全的AJAX REST风格的API
第3章：跨站点脚本编写
第四章：跨站点请求伪造
第5章：对客户的错位信任
第6章：JavaScript网络钓鱼