Security
  Common threats
    Cross-site scripting (XSS)
    Cross-Site Request Forgery (CSRF)
    Sensitive data exposure
    Injection attacks / Server-Side JavaScript Injection (SSJI)
    Obfuscation
      https://obfuscator.io/
      UglifyJS
      http://javascript2img.com/
      https://jscrambler.com/
  Same-Origin Policies
    Access-Control-Allow-Origin
      Apply to licensed images/fonts on a CDN to avoid hotlinking
      Access-Control-Allow-Origin is enforced by the browser
    Content-Security-Policy
    Strict-Transport-Security
      https://hstspreload.org/
    Communicating across browser windows
    Restrict who can console.log in my window
  Securing Cookies
    https://publicsuffix.org/list/
    Share/Restrict across subdomains
    Restrict the path of a cookie (scope cookies)
    Cookie SameSite directive (can protect users from CSRF attacks)
    HttpOnly directive (server-only cookie, not accessible by client-side code)
  Resources
    https://owasp.org/
    OWASP Top 10
    https://snyk.io/
    Retire.js
    AppSensor
    Auth0
    JWT
    Penetration Testing as a Service (https://cobalt.io/)