JavaScript for Line of Business Applications
Keeping track of current JavaScript frameworks that help design your client-side business logic layers.
Curated by Jan Hesse

Current selected tag: 'security'.

Integrity protection for third-party JavaScript

Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. 

This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.


Spring and Angular JS: A Secure Single Page Application

In this article we show some nice features of Spring Security, Spring Boot and Angular JS working together to provide a pleasant and secure user experience. It should be accessible to beginners with Spring and Angular JS, but there also is plenty of detail that will be of use to experts in either. This is actually the first in a series of articles on Spring Security and Angular JS, with new features exposed in each one successively. We’ll improve on the application in the second and subsequent installments, but the main changes after this are architectural rather than functional.
Jan Hesse's insight:

http://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii

http://spring.io/blog/2015/01/20/the-resource-server-angular-js-and-spring-security-part-iii

http://spring.io/blog/2015/01/28/the-api-gateway-pattern-angular-js-and-spring-security-part-iv

https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v

http://spring.io/blog/2015/03/23/multiple-ui-applications-and-a-gateway-single-page-application-with-spring-and-angular-js-part-vi

Protect Your Node App's Noggin With Helmet

Learn how to protect your Express Node application from cross-site scripting, script injection, clickjacking, insecure requests, and more by using a set of Express middleware provided by Helmet.

Securing a modern JavaScript based single page web application

Modern web apps are often single page web apps. The heavy HTML-generating backend is replaced by JavaScript, JavaScript frameworks like Backbone.js and templating languages like mustache.js or underscore.js. Data is transferred via RESTful JSON services. We are moving functionality normally implemented on the server to the browser. Sometimes we even implement the backend using JavaScript.
What kinds of security problems can occur if we do this incorrectly? How do we mitigate the security problems found in these applications?

JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks

Security research on common frameworks showing their weakest parts.

Testing Security of HTML5 WebSockets

Recently I was faced with my first Web Application Security Assessment, which relied heavily on HTML5's WebSockets.

The first clue that the application was using WebSockets was when the application kept giving me a timeout error while using my proxy of choice, Burp Suite. Looking at the HTTP requests/responses in Burp I noticed that a large JavaScript file was requested and downloaded from the server. Within this file I noticed a URL with the ws:// scheme, the WebSocket scheme.

For some reason the WebSocket handshake was not captured by Burp's Proxy (even though the Wireshark capture shows that the handshake was over HTTP). However, it can be viewed within Google Chrome's Developer Tools and OWASP's ZAP Proxy.

* Encryption (SSL/TLS)
* Origin
* Authentication
* Authorisation
* Input Sanitisation

Benjamin Dean's curator insight, September 3, 2013 1:13 AM

As web apps move to be more "real-time" via socket connections, this is probably a good discussion.

How easy is it to hack JavaScript in a browser?

Breaking down the possibilities of breaking in.

My question has to do with JavaScript security.

Imagine an auth system where you're using a JavaScript framework like Backbone or AngularJS, and you need secure endpoints. That's not a problem, as the server always has the last word and will check if you're authorized to do what you want.

But what if you need a little security without involving the server? Is that possible?

For example, say you've got a client-side routing system and you want a concrete route to be protected for logged-in users. So you ping the server asking if you're allowed to visit protected routes and you go on. The problem is that when you ping the server, you store the response in a variable, so the next time you go to a private route, it will check whether you're already logged in (no ping to the server), and depending on the response it will go or not.

How easy is it for a user to modify that variable and get access?

Webinar Replay: A Single-Page Application with Spring Security and Angular JS

Spring Security, Spring Boot and Angular JS all have nice features for making it really easy to produce modern applications, so there is potentially a lot of value in making them work together very smoothly. Things to consider are cookies, headers, native clients, various security vulnerabilities and how modern browser technology can help us to avoid them. 

In this session we show how nice features of the component frameworks can be integrated simply to provide a pleasant and secure user experience. We start with a very basic single-server implementation and scale it up in stages, splitting out backend resources and authentication to separate services. The final state includes a simple API Gateway on the front end implemented declaratively using Spring Cloud, and using this we are able to neatly sidestep a lot of the problems people encounter securing a JavaScript front end with a distributed back end.

Node.js Security Tips

Node.js is getting more and more mature, no doubt - despite this, not a lot of security guidelines are out there.

In this post I will share some points you should keep in mind when it comes to Node.js security.

Contents:

* No eval, or friends
* Strict mode, please
* Static code analysis
* Testing
* Say no to sudo node app.js
* Avoid command injection
* Temp files
* Securing your web application
* Tools to use
* Stay updated

How to Develop Safely in HTML5 & JavaScript Environment

It’s important to emphasize security precautions and implications when it comes to these two languages: they are what most new programmers are advised to learn (because of the immense amount of documentation available), and we shouldn’t let them fall into the progression trap – by which I mean that everyone should acknowledge security – just because there is no one pointing out the basics.

I highly recommend the HTML5 Security Cheatsheet by the OWASP security group. They’ve taken the time to discuss some of the most critical HTML5 features and how to cope with them. If you’re a serious HTML5 developer, that page should be bookmarked until you know it like the back of your hand!

Single-Page-Application & REST security

Authentication

* How to protect REST services
* API key
* Secret key
* Signature
* Nonce, non-repudiation
* OAuth1 vs OAuth2

Authorization

* Profiles
* Stateless vs stateful
* HATEOAS
* Atom/RSS

JavaScript and Web Security

This 49 minute talk covers several topics in JavaScript and web security, including secure password storage and authentication, SRP protocol, and common JavaScript security threats and injection techniques.

Writing secure express.js apps

Here is a starting guide for securing express.js applications, specifically Express v3. It is by no means a comprehensive guide to web application security. Standard rules and practices apply to express.js apps just as they would to Rails, Django or any other web application.

I’m going to hit the high points of items that always seem to come up.

7 steps for building a secure web application

For years, security experts have warned of vulnerabilities in web applications. And these warnings are unfortunately coming to fruition. Today, the headlines are dominated with news of a hacker successfully infiltrating one web application or another. We cannot hack or firewall our way to become impenetrable – hackers have proved that – so what can be done to secure these often critical applications?

Thankfully, it is possible. Here are seven steps to security-centric computer programming necessary to build low-risk web-based applications.

Step 1: Query Parameterisation
Step 2: Secure Password Storage
Step 3: Contextual Output Encoding XSS Defence
Step 4: Content Security Policy
Step 5: Cross Site Request Forgery
Step 6: Multi Factor Authentication
Step 7: Forgotten password security design