JavaScript Security
eBook - ePub

  1. 112 pages
  2. English
  3. ePUB (mobile friendly)

About This Book

This book starts off with an introduction to JavaScript security and gives you an overview of the basic functions JavaScript can perform on the Web, both on the client side and the server side. It demonstrates a couple of ways in which RESTful APIs can be laden with security flaws. You will also create a simple RESTful server using Express.js and Node.js. You will then focus on one of the most common JavaScript security attacks, cross-site scripting, and learn how to prevent cross-site scripting and cross-site request forgery.

Last but not least, the book covers JavaScript phishing, how it works, and ways to counter it.

By the end of this book, you will be able to identify various risks of JavaScript and how to prevent them.


Information

Year: 2014
ISBN: 9781783988006
Edition: 1

JavaScript Security
Table of Contents

JavaScript Security
Credits
About the Author
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. JavaScript and the Web
JavaScript and your HTML/CSS elements
jQuery effects
Hide/Show
Toggle
Animation
Chaining
jQuery Ajax
jQuery GET
jQuery getJSON
jQuery POST
JavaScript beyond the client
JavaScript on the server side
Full-stack JavaScript
JavaScript security issues
Cross-site request forgery
Cross-site scripting
Summary
2. Secure Ajax RESTful APIs
Building a RESTful server
A simple RESTful server in Node.js and Express.js
Frontend code for the to-do list app on top of Express.js
Cross-origin injection
Injecting JavaScript code
Guessing the API endpoints
Basic defense against similar attacks
Summary
3. Cross-site Scripting
What is cross-site scripting?
Persistent cross-site scripting
Nonpersistent cross-site scripting
Examples of cross-site scripting
A simple to-do app using Tornado/Python
Coding up server.py
Cross-site scripting example 1
Cross-site scripting example 2
Cross-site scripting example 3
Defending against cross-site scripting
Do not trust users – parsing input by users
Summary
4. Cross-site Request Forgery
Introducing cross-site request forgery
Examples of CSRF
Basic defense against CSRF attacks
Other examples of CSRF
CSRF using the <img> tag
Other forms of protection
Creating your own app ID and app secret – OAuth-styled
Checking the Origin header
Limiting the lifetime of the token
Summary
5. Misplaced Trust in the Client
When trust gets misplaced
A simple example
Building the server side – mistrust.py
The templates
To trust or not to trust
Manipulating the JavaScript code
Dealing with mistrust
Summary
6. JavaScript Phishing
What is JavaScript phishing?
Examples of JavaScript phishing
Classic examples
Accessing user history by accessing the local state
XSS and CSRF
Intercepting events
Defending against JavaScript phishing
Upgrading to latest versions of web browsers
Recognizing real web pages
Protecting your site against XSS and CSRF
Avoid using pop-ups and keep your address bars
Summary
Index

JavaScript Security

Copyright © 2014 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2014
Production reference: 1141114
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78398-800-6
www.packtpub.com

Credits

Author
Y.E Liang
Reviewers
Jan Borgelin
Sergio Viudes Carbonell
Moxley Stratton
Mihai Vilcu
Commissioning Editor
Kunal Parikh
Acquisition Editor
Llewellyn Rozario
Content Development Editors
Shali Sasidharan
Anila Vincent
Technical Editor
Mrunal M. Chavan
Copy Editors
Sarang Chari
Rashmi Sawant
Project Coordinator
Neha Bhatnagar
Proofreaders
Simran Bhogal
Maria Gould
Ameesha Green
Paul Hindle
Indexer
Tejal Soni
Production Coordinator
Aparna Bhagat
Cover Work
Aparna Bhagat

About the Author

Y.E Liang is a researcher, author, web developer, and business developer. He has experience in both frontend and backend development, particularly in engineering, user experience using JavaScript/CSS/HTML, and performing social network analysis. He has authored multiple books and research papers.

About the Reviewers

Jan Borgelin is a technical geek with over 15 years of professional software development experience. He currently works as the CTO at BA Group Ltd., a consultancy based in Finland. In his daily work with modern web applications, JavaScript security has become an increasingly important topic as more and more business logic is being implemented within browsers.
Sergio Viudes Carbonell is a 32-year-old mobile developer (apps and games) from Elche, Spain.
He studied Computer Science at the University of Alicante. Then, he worked on developing computer programs and web apps. Now, he works as a mobile developer, creating apps and video games for Android, iOS, and the Web.
He has previously reviewed AndEngine for Android Game Development Cookbook and Mobile Game Design Essentials. Both of these books were published by Packt Publishing. Currently, he is reviewing Mastering AndEngine Game Development, Packt Publishing.
After writing his first program ...
