JavaScript Security
1. Fundamentals of JavaScript Security
2. Core Client-Side Vulnerabilities
3. Defensive Coding and Mitigation Strategies
4. Browser Security Policies and Features
5. Server-Side Defenses for Client-Side Security
6. Third-Party Code and Supply Chain Security
7. Security in Modern JavaScript Frameworks
8. Advanced Topics
9. Security Testing and Analysis
Advanced Topics
Web Workers and Service Workers
Security Models and Risks
Isolation from Main Thread
Data Leakage Risks
Cross-Origin Restrictions
importScripts Vulnerabilities
Loading Untrusted Scripts
Mitigation Strategies
CSP in Workers
Service Worker Security
Cache Poisoning
Network Interception
Update Mechanisms
Shared Workers
Cross-Origin Communication
Data Sharing Risks
JSON and JSONP Security
JSON Hijacking
Exploitation Techniques
Prevention Methods
Array Constructor Attacks
The Demise of JSONP
Security Risks
Modern Alternatives
Callback Injection
JSON Parsing Security
Prototype Pollution via JSON
Large Payload DoS
Post-Exploitation with JavaScript
Browser Exploitation Framework (BeEF)
Capabilities and Use Cases
Hook Deployment
Data Exfiltration Techniques
Covert Channels
Network Request Abuse
DNS Exfiltration
Image-Based Exfiltration
Persistence Mechanisms
Service Worker Persistence
Local Storage Abuse
Browser Extension Hijacking
WebAssembly (Wasm) Security
Sandboxing and Memory Isolation
Wasm Runtime Protections
Linear Memory Model
Interaction with JavaScript
Security Boundaries
Risks of Unsafe Imports/Exports
Type Confusion Attacks
Wasm-Specific Vulnerabilities
Buffer Overflows
Integer Overflows
Side-Channel Attacks
Browser Extension Security
Extension Permissions Model
Content Script Isolation
Cross-Extension Communication
Malicious Extension Detection
Progressive Web App (PWA) Security
Service Worker Security
App Manifest Security
Push Notification Security
Background Sync Security