We write a lot of JavaScript code, I want to know if it is secure
Why a JavaScript security training?
Cloud based websites and new HTML5 Web interfaces use a lot of JavaScript that can be abused for hacking into websites. JavaScript is an example of client side code of your application that will be executed on the users’ browsers. DOM Based XSS is an example of JavaScript vulnerability that is also referenced in the OWASP top Ten 2013 and, as a consequence, in the PCI DSS standard.
Which JavaScript course is better for my company?
IMQ Minded Security offers a two days JavaScript course tailored for your developers. This course provides the tools and the methodology for developing JavaScript code safely, avoiding the introduction of security issues in the source code. During this training your developers will learn how to identify security issues and how to avoid them during development.
On the other hand it is also possible to have a two days JavaScript course tailored for your auditors, testers and application managers. This training provides the tools and the methodology for security testing JavaScript and HTML 5 code.
Both courses include practical exercises and hands-on sessions on sample applications.
What else?
Conventional tools cannot find DOM Based XSS and manual analysis is very difficult: if you can’t find it, you can’t fix it. Blue Closure is a key component of these courses and for this reason all the students will have a license of Blue Closure for one year. Blue Closure helps to identify the vulnerabilities on the JavaScript code that is running on the browser of your users when they are using your applications. During the training the students will learn how to use this tool in order to find vulnerabilities in complex JavaScript libraries.