HTML5 is the fifth revision of the HTML standard. HTML5 and its integration with JavaScript introduce new security risks that you must consider carefully when writing web front-end code. Modern web-based software, including mobile web front-end applications, make heavy use of innovative JavaScript and HTML5 browser support to deliver advanced user experiences. Front-end developers focus their efforts on creating these experiences and are generally not aware of the security implications of the technologies they use.
This course helps web front-end developers understand the risks involved with manipulating the HTML Document Object Model (DOM) and using the advanced features of JavaScript and HTML5 (e.g., cross-origin resource sharing, local storage, and content security policy). In this course, we’ll reinforce some important security aspects of modern browser architecture and present defensive programming techniques that developers can apply immediately to avoid introducing common vulnerabilities. We’ll also provide a detailed description of typical JavaScript sources and sinks and explain how to use them to detect problems in code.
Delivery Format: eLearning
Duration: 1 hour 30 minutes
Level: Intermediate
Intended Audience:
Prerequisites:
Risk Landscape
The Security Model of the Web
Client-Side Data Storage
Web Messaging
Iframe Sandboxing
Content Security Policy (CSP)
Understanding Cross-Origin Resource Sharing
Securing Web Applications with CORS
Additional HTML5 features
Conclusion
Equip development teams with the skills and education to write secure code and fix issues faster