Pentesting JavaScript Frameworks

When HTML5 made its debut dynamic html and rich content was all the rave (i.e. ajax, flash, silverlight, dom, etc.). That was until Single Page Applications (MVC) rocked the boat – presentation logic is handled client-side (Javascript driven templates). So, with that in mind, as a pentester you need to familiarise with these frameworks (i.e. Angular, Ember, React, etc.) and pay careful attention to client-server logic interactions (i.e. RESTful APIs, etc.). Don’t assume common vulnerabilities can be exploited in the usual way (i.e. XSS, CSRF, etc.). General scanning tools are not going to come to your rescue….

Getting Single Page Application Security Right

Single Page Security PDF

Single Page Security Video

Wiki dedicated to JavaScript MVC security pitfalls

JavaScript Security Wiki

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s