Finally!!!!!!!
Just the tutorial I was looking for learning code review.
As a security researcher and CTF player, this is a very Vital skill one should master. Or at least try to learn basic
Thanks a lot ❤️
i can teach you a better way around this. simply but complex but simple and fast to grasp.
@davidtosin6995 how do I contact you?
And if you don't mind, will you do it for free? Cause I'm broke.
Turns out that I did not figure out any of these vulnerabilities which means that I have been shipping vulnerable code all this time 😬 Thanks for the awesome tuts. Time to debug prod 😅
Keep Shipping vulnerable code, This keeps penetration testers like us in job : >
I really enjoyed your coding style, the clarity in presenting scenarios, and your explanations. I look forward to watching more of your videos. Additionally, I believe it's crucial to stay informed about security topics, especially given their significance in today's landscape.
you make it look so easy man!!! amazing
Does this guy have a course online? What a teacher
Awesome video as always. Would love to see more videos about cyber security/ethical hacking/pentesting!!
Thanks for including proper error management in the second example. I so often see during my tests apps sending global 200's or 500's - not really taking the time to correctly manage them -> thus having poor logging information. Many teams should watch this video. Cheers.
Very nice + quick intro to secure code review!
Giving examples is a good idea you should give more of them in your courses
Thank you, this was a great refresher. 😃👍
Good one.
Would like to see more on this.
Some common security vulnerabilities in JavaScript include Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). These vulnerabilities can be addressed by following correct development techniques, implementing the same origin policy, and using tools like JavaScript security testing tools and GuardRails for automated security testing. It is important for developers to remain proactive and defensive in securing their JavaScript applications to prevent malicious attacks and keep the web safe.
Thank you so much, this is incredible!
Looking forward to more videos like this.. it's lit 💥
That is so helpful. Thank you!
That was an incredible tutorial, thank you very much for sharing with us.
Thank you for this amazing video! Very informative.
Thank you Brandon ❤
Amazing course. Thank you sooooooo much for publishing it. Very useful.
Please change the color of your comment. I can't read it on a black screen, but otherwise you have a fantastic video.
Great idea, would be really cool to increase font size and install more contrast theme just for the video, because I can't see comments from my phone and barely can read other code. But nevertheless, thanks!
Understood nothing but loved it! Watched almost 9 minutes of this tut, will come back later after learning the basics of JS. Still trying to make a tic-tac-toe game. Wish me luck!
wow, amazing quick fire tips, thanks
Thanks for this !! Very informative
Super nice interview questions :)
Really nice tutorial with how simple modifications make difference in code. But next time please use a different color for code comments. Grey on grey background makes it really hard to read.
great video about security information
Nice explanation! thanks :)
Short n sweet! ❤
Great video, thanks!
for the first one, an attacker can enter a https link which links to his unsafe website and then execute code, isn't that unsafe too?
Yes, open redirect vulnerability
thanks man! you are good
19:07 Number 8 is missing the intro/explanation part
Awesome, keep the series long please
Branden teaching Brendan's language 🎉
Can we get more of these? Does Brandon have a channel?
Damn this was a cool video. The === surprised me
THANK YOU
Please make a similar video for Solidity. I would say it would help if fcc can upload the famous Secureum Bootcamp for Smart Contract Security Auditing...... it would be very beneficial 🙏
You're all stars
what about server side validation?
since client side is exposed to end user
Yes, server side validation should be there no matter what. But there will still be vulnerabilities like SQL injections if not handled properly
In 14:35, in this case won't we get an error before even entering the find method? because the request's body is in JSON format but the username is an object that can't be inserted into the request's body.
I heard search Param, saw redirect and started laughing 😂😂😂
Can you guys do a RPA Development Tutorial?
The last could be IDOR, I mean we can use another user's ID or another user's email, btw learning about JS security
Let's always do a lot of good ❤️
Excellent
Nice. Thank you for that. Can you do a vid on incorporating 2FA/MFA? Preferably something you can do for free with only something you control, i.e. no dependency on servers you don't control.
great video
Please launch an Internet of Things course
Are these videos allowed to download?
Vue doesn’t have this issue because it prescribes a router for you to use that has param / query sanitization built in.
Does he have a YouTube channel?
what the heck is that hand in the thumbnail of this video
Very nice.
👍👍
Great tutorial, but most of the vulnerabilities you've talked about are not really vulnerabilities, this video should be renamed to some bug you may have in your project
I don't get the first vulnerability. Since when is just clicking links dangerous? What can a malicious JS code running in browser do at worst?
Lookup same-origin policy, it can allow the javascript to be run as if you were on the host website, potentially leaking tokens, cookies etc.
Gold Bro!
Timing attacks make sense
Please upload android development full course using kotlin
Bioshock Infinite ❤
About the Mass Assignment Attack, it seems like you've only made it more challenging for the attacker without completely preventing the attack. This is because req.body.username can still contain any value. I believe it's necessary to validate the data you receive in addition to the measures you've taken to enhance security.
Of course validation is implied. The point is to prevent user from assigning data to a parameter that they're not supposed to.
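The two halves of this exchange combined, as an added example that is not code from the video or from either commenter: an allowlist decides which fields of a request body may be assigned at all, and a per-field validator decides whether the value is acceptable (including rejecting an object where a string is expected). `ALLOWED_FIELDS`, `pickValidated` and the sample bodies are hypothetical names and constructed inputs.

```javascript
// Added example: allowlist + validation for a profile-update JSON body.
// In an Express-style handler, `body` would be req.body (assumption).
const ALLOWED_FIELDS = {
  // Field name -> validator. Anything not listed here is never assigned.
  username: (v) => typeof v === "string" && /^[A-Za-z0-9_]{3,32}$/.test(v),
  email: (v) =>
    typeof v === "string" &&
    v.length <= 254 &&
    /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
};

const hasOwn = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

function pickValidated(body) {
  // A JSON body can be null, an array or a scalar; accept only a plain object.
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, data: {}, errors: ["body must be a JSON object"], ignored: [] };
  }
  const data = {};
  const errors = [];
  for (const [field, isValid] of Object.entries(ALLOWED_FIELDS)) {
    if (!hasOwn(body, field)) continue; // optional field, not sent
    if (isValid(body[field])) data[field] = body[field];
    else errors.push(`invalid ${field}`);
  }
  // Fields outside the allowlist are dropped; report them so they can be logged.
  const ignored = Object.keys(body).filter((k) => !hasOwn(ALLOWED_FIELDS, k));
  return { ok: errors.length === 0, data, errors, ignored };
}

// Constructed sample bodies.
const extraField = JSON.parse('{"username":"alice_01","isAdmin":true}');
const objectValue = JSON.parse('{"username":{"nested":"x"},"email":"a@example.com"}');

console.log(pickValidated(extraField));
// isAdmin is ignored, username is kept
console.log(pickValidated(objectValue));
// username is an object, so the whole update is rejected
```

Only `data` from a result with `ok: true` should reach the database update; the caller should answer anything else with a 400 and log `errors` and `ignored`.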
great euy
it's easy af
As Fries 🍟🤤😋? Just Kittens 😻. XD
Brazil out in force 😂
This guy is literally Ryan from The Office
RYAN STARTED THE FIRE 🔥🔥😂
@richardprakash4630 Fire Guy *insert kevin giggle*
🔥🤩
i found 1'
2 hours
waw :000
"Do not trust the client"
First comment yay
First 🥇
I mean..... Angular exists for a reason..