• Online, Self-Paced
Course Description

Defensive Programming is a methodology for writing code that is not prone to present or future errors potentially caused by unexpected user inputs or actions. In this course, you will explore potential risks in web applications and use JavaScript defensive techniques to prevent everything from Document Object Model or DOM manipulation to ensuring proper encoding. You'll also learn about JavaScript Object Notation and how to secure it, as well as how to apply defensive coding to HTML5.

Learning Objectives

Potential Risks in Web Applications

  • start the course
  • list potential Document Object Model or DOM risks to JavaScript and HTML5 applications
  • describe the risks associated with cross-site scripting and cross-site request forgery
  • identify what Document Object Model or DOM-based Cross-Site Scripting or XSS is and illustrate the form an attack might take in JavaScript
  • describe what social jacking is and identify what things users need to be on the lookout for
  • list potential information and trust issues that would affect JavaScript and HTML5 applications

JavaScript Defensive Techniques

  • demonstrate how to prevent Document Object Model or DOM manipulation in JavaScript
  • describe common risks associated with third-party application program interfaces or APIs
  • demonstrate how to prevent page manipulation in JavaScript through cascading style sheets or CSS
  • identify the best practices for dealing with client input in a JavaScript HTML5 application
  • troubleshoot potential risks associated with browser plugins
  • demonstrate how to counteract risks by running JavaScript in a sandbox
  • compare Scalable Vector Graphics or SVG exploits and how to use JavaScript to prevent them
  • describe how to secure JavaScript code in your applications

JavaScript Object Notation Defensive Techniques

  • describe the key features of JavaScript Object Notation
  • list the key risks of using JavaScript Object Notation
  • perform input validation on JavaScript Object Notation or JSON data
  • use the eval method to convert JavaScript Object Notation or JSON data into a JavaScript object

HTML5 Defensive Techniques

  • describe how to implement a cross-origin resource sharing policy in HTML5
  • demonstrate the most secure ways to include media in HTML5 pages
  • describe secure practices for using HTML5 Web Workers
  • distinguish some of the key ways to secure HTML5 applications

Practice: Defensive Techniques for Web Apps

  • use defensive coding techniques to create a secure JavaScript and HTML5 Application

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Software Development
  • Test and Evaluation
  • Vulnerability Assessment and Management