Turns out that I did not figure out any of these vulnerabilities which means that I have been shipping vulnerable code all this time 😬Thanks for the awesome tuts. Time to debug prod 😅
Keep shipping vulnerable code, this keeps penetration testers like us in a job :>
Finally!!!!!!!
Just the tutorial I was looking for learning code review.
As a security researcher and CTF player, this is a very vital skill one should master. Or at least try to learn the basics.
Thanks a lot ❤️
i can teach you a better way around this. simply but complex but simple and fast to grasp.
@davidtosin6995 how do I contact you?
And if you don't mind, will you do it for free? Cause I'm broke.
I really enjoyed your coding style, the clarity in presenting scenarios, and your explanations. I look forward to watching more of your videos. Additionally, I believe it's crucial to stay informed about security topics, especially given their significance in today's landscape.
Does this guy have a course online? What a teacher
Giving examples is a good idea you should give more of them in your courses
Thanks for including proper error management in the second example. I so often see during my tests apps sending global 200's or 500's, not really taking the time to correctly manage them, thus having poor logging information. Many teams should watch this video. Cheers.
Very nice + quick intro to secure code review!
Please change the color of your comment. I can't read it on a black screen, but otherwise you have a fantastic video.
Good one.
Would like to see more on this.
Awesome video as always. Would love to see more videos about cyber security/ethical hacking/pentesting!!
That was an incredible tutorial, thank you very much for sharing with us.
Understood nothing but loved it! Watched almost 9 minutes of this tut, will come back later after learning the basics of JS. Still trying to make a tic-tac-toe game. Wish me luck!
Some common security vulnerabilities in JavaScript include Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). These vulnerabilities can be addressed by following correct development techniques, implementing the same origin policy, and using tools like JavaScript security testing tools and GuardRails for automated security testing. It is important for developers to remain proactive and defensive in securing their JavaScript applications to prevent malicious attacks and keep the web safe.
Looking forward for more videos like this.. it's lit💥
Thank you so much, this is incredible!
That is so helpful. Thank you!
wow, amazing quick fire tips, thanks
Great idea, would be really cool to increase font size and install more contrast theme just for the video, because I can't see comments from my phone and barely can read other code. But nevertheless, thanks!
Thank you for this amazing video! Very informative.
Really nice tutorial with how simple modifications make difference in code. But next time please use a different color for code comments. Grey on grey background makes it really hard to read.
Super nice interview questions :)
Amazing course. Thank you sooooooo much for publishing it. Very useful.
Thank you Brandon ❤
Nice explanation! thanks :)
Thanks for this !! Very informative
Great video, thanks!
great video about security information
The last could be IDOR, I mean we can use another user's ID or another user's email. Btw, learning about JS security.
Please make a similar video for solidity . I would say it would help if fcc can upload the famous Secureum Bootcamp for Smart Contract Security Auditing...... it would be very beneficial 🙏
Short n sweet! ❤
Awesome, keep the series long please.
Damn this was a cool video. The === surprised me
for the first one, an attacker can enter a https link which links to his unsafe website and then execute code, isn't that unsafe too?
Yes, open redirect vulnerability.
thanks man! you are good
Can we get more of these? Does Brandon have a channel?
Can you guys do a RPA Development Tutorial?
Nice. Thank you for that. Can you do a vid on incorporating 2FA/MFA? Preferably something you can do for free with only something you control, i.e. no dependency on servers you don't control.
You're all stars.
Branden teaching Brendan's language 🎉
what about server side validation?
since client side is exposed to end user
Yes, server side validation should be there no matter what. But there will still be vulnerabilities like SQL injections if not handled properly
Please launch an Internet of Things course.
Vue doesn’t have this issue because it prescribes a router for you to use that has param / query sanitization built in.
19:07 Number 8 is missing the intro/explanation part
Timing attacks make sense
At 14:35, in this case won't we get an error before even entering the find method? Because the request's body is in JSON format but the username is an object that can't be inserted into the request's body.
Great tutorial, but most of the vulnerabilities you've talked about are not really vulnerabilities. This video should be renamed to "some bugs you may have in your project".
Let's always do a lot of good ❤️
Does he have a TH-cam channel?
what the heck is that hand in the thumbnail of this video
Please upload android development full course using kotlin
I heard search Param, saw redirect and started laughing 😂😂😂
Gold Bro!
Very nice.
Are these videos allowed to download?
I don't get the first vulnerability. Since when is just clicking links dangerous? What can malicious JS code running in the browser do at worst?
Look up same-origin policy, it can allow the JavaScript to be run as if you were on the host website, potentially leaking tokens, cookies etc.
This guy is literally Ryan from The Office
RYAN STARTED THE FIRE 🔥🔥😂
@richardprakash4630 Fire Guy *insert Kevin giggle*
About the Mass Assignment Attack, it seems like you've only made it more challenging for the attacker without completely preventing the attack. This is because req.body.username can still contain any value. I believe it's necessary to validate the data you receive in addition to the measures you've taken to enhance security.
Of course validation is implied. The point is to prevent the user from assigning data to a parameter that they're not supposed to.
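The mass-assignment exchange above, and the earlier question about a JSON body carrying `username` as an object instead of a string, as an added example that is not part of the video or the thread. It assumes an Express-style JSON body already parsed into `body`; the handlers are plain functions and `db` is a constructed in-memory array so it runs without a server.

```javascript
// Added example (not from the video). `db` is a constructed stand-in for a real store.
const USERNAME_RE = /^[a-z0-9_]{3,32}$/i; // assumed username policy for this example

// Vulnerable: every key of the JSON body is spread into the record, so a client
// that sends an extra "isAdmin": true field gets it persisted.
function createUserVulnerable(db, body) {
  const user = { id: db.length + 1, isAdmin: false, ...body };
  db.push(user);
  return user;
}

// Hardened: copy only the fields this endpoint owns (an allowlist), then
// validate each one. The type checks matter because a JSON body can carry
// `username` as an object or array, not only as a string.
// (Password hashing is out of scope here and omitted on purpose.)
function createUserHardened(db, body) {
  const { username, password } = body ?? {};
  if (typeof username !== 'string' || !USERNAME_RE.test(username)) {
    return { ok: false, status: 400, error: 'invalid username' };
  }
  if (typeof password !== 'string' || password.length < 12) {
    return { ok: false, status: 400, error: 'invalid password' };
  }
  const user = { id: db.length + 1, username, password, isAdmin: false };
  db.push(user);
  return { ok: true, status: 201, user };
}

// Constructed request bodies, exactly as a JSON body parser would hand them over.
const extraField = JSON.parse('{"username":"bob","password":"correct-horse-battery","isAdmin":true}');
const objectUsername = JSON.parse('{"username":{"nested":"object"},"password":"correct-horse-battery"}');

function demo() {
  const dbVulnerable = [];
  const dbHardened = [];
  return {
    vulnerableAdmin: createUserVulnerable(dbVulnerable, extraField).isAdmin,      // true
    hardenedAdmin: createUserHardened(dbHardened, extraField).user.isAdmin,       // false
    objectRejected: createUserHardened(dbHardened, objectUsername).status,        // 400
    storedCount: dbHardened.length,                                               // 1
  };
}
```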
Excellent
great euy
it's easy af
As Fries 🍟🤤😋? Just Kittens 😻. XD
Bioshock Infinite ❤
i found 1'
"Do not trust the client"
👍👍
2 hours
🔥🤩
Brazil here in full force 😂
First comment yay
waw :000
First 🥇
I mean..... Angular exists for a reason..