JavaScript Lessons
Error messages containing sensitive information
Learn about the dangers of generating error messages that contain sensitive information. Learn to mitigate and fix this vulnerability from security experts.
Type confusion
Learn about the dangers of type confusion and the dangers of assuming a type. Learn to mitigate and fix the vulnerability from security experts.
Unrestricted upload of files with dangerous types
Learn about the dangers of file uploads and of insufficiently restricted uploads of files with dangerous types. Learn to mitigate and fix the vulnerability from experts.
Improper input validation
Learn about the dangers of improper input validation and why you should never trust user input. Learn to mitigate and fix the vulnerability from experts.
Memory leaks
Learn about memory leaks, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
Mass assignment
Learn about mass assignment and the risks of user-provided data. Learn to mitigate and remediate the vulnerability with real-world examples from security experts.
Server-side request forgery
Learn how to protect your code from server-side request forgery attacks by exploiting a vulnerable web app as part of this Snyk Learn tutorial.
Insecure temporary file
Learn about the issues that emerge when creating an insecure temporary file as well as how to mitigate this vulnerability.
Cleartext storage of sensitive information in a cookie
Learn about the issues that arise when storing cleartext or plaintext sensitive information in a cookie as well as solutions to this vulnerability.
XPath injection
Learn about XPath injections, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
Weak password recovery
A user forgot their password! How can you create a secure password recovery? Learn about weak password recoveries, see it in action, and learn the mitigation techniques.
Logging vulnerabilities
Learn what a logging vulnerability is, including logging too much or logging too little, and how to protect your organization.
Insecure randomness
Learn all about randomness and the importance of having truly random numbers. We'll also look at why insecure randomness is a security concern and how to avoid it.
NoSQL injection attack
Learn how NoSQL injection attacks work, and compare them to the similar SQL injection attacks, with examples and remediation information.
Code injection
Learn how to protect your applications against malicious code injection by exploiting a vulnerable web app as part of this Snyk Learn lesson.
No rate limiting
Learn about the issues that arise in an application that employs no rate limiting techniques, as well as how you can go about implementing those protections.
Vulnerable and outdated components
A vulnerable and outdated component is a software component that is no longer supported by the developer, making it susceptible to security vulnerabilities.
Insecure design
Learn about insecure design, and how to mitigate and remediate the vulnerability with real-world examples from security experts.
Insecure hash
Learn what an insecure hash is, why you should be aware of it, and how you can implement strong hashes to remediate the vulnerability in your organization.
ReDoS
Learn what ReDoS is, why you should be aware of it, and how you can prevent and remediate the vulnerability in your organization.
Broken access control
Learn how broken access control exploits work with a step-by-step tutorial, as well as how to mitigate and defend against them with access control settings.
XML external entity injection
Learn how an XXE attack works, and how to mitigate and fix the XXE vulnerability with real-world examples from security experts.
Cross-site request forgery
Learn how a cross-site request forgery (CSRF) attack works, and how to detect and fix it with real-world examples from security experts.
DOM XSS
Learn how DOM-based XSS exploits work, and how to mitigate and remediate the vulnerability with step-by-step interactive tutorials from security experts.
Open redirect
Learn about the risks of exposing open redirects, how to exploit them and how to mitigate them.
Directory traversal
Learn how to protect your code from directory traversal in JavaScript by exploiting a vulnerable web server.
Cross-site scripting
Learn about XSS and how to protect your code from various cross-site scripting (XSS) attacks.
Prototype pollution
Learn what JavaScript prototype pollution is and how to prevent it.
SQL injection
Learn how to create SQL queries securely and avoid SQL injection attempts by malicious third parties.