Client-side Security Terms

Why is JavaScript Vulnerable?

JavaScript is vulnerable because it is easy for hackers and other threat actors to input query strings into forms to access, steal, or contaminate protected data.

  • JavaScript is the standard for the processing of personal information in client-side websites and applications. There are many open-source and third-party libraries available today, the majority of which have known vulnerabilities and are easy for threat actors to infiltrate.
  • By default, JavaScript environments do not have a security permissions model built in. The World Wide Web Consortium (W3C) standard is that security permissions (what code is able to execute and what types of activities scripts are allowed to do) are housed in browsers, and the responsibility to manage them lies with the site owner. The onus is on site owners to implement Content Security Policy (CSP), Subresource Integrity (SRI), and other policies.
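
The two policies named above can be sketched in a few lines of Node.js. This is an added example, not code from the original page: it pins a third-party script with an SRI digest, mirrors the browser's integrity check, and serialises a CSP header. The library body, the modified copy and the host https://cdn.example are constructed placeholders.

```javascript
// Added example; LIB, TAMPERED and https://cdn.example are constructed placeholders.
const nodeCrypto = require("node:crypto");

// Hash algorithms defined for SRI, ranked weakest to strongest.
const STRENGTH = new Map([["sha256", 1], ["sha384", 2], ["sha512", 3]]);

// Integrity value the site owner pins on the <script> tag.
function sriHash(body, alg = "sha384") {
  return `${alg}-${nodeCrypto.createHash(alg).update(body).digest("base64")}`;
}

// Mirrors the browser-side check: only the strongest listed algorithm counts,
// and the resource passes if any digest for that algorithm matches.
function verifySri(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => ({ alg: token.slice(0, token.indexOf("-")), value: token }))
    .filter((entry) => STRENGTH.has(entry.alg));
  if (entries.length === 0) return true; // no usable metadata, nothing is enforced
  const best = Math.max(...entries.map((entry) => STRENGTH.get(entry.alg)));
  return entries
    .filter((entry) => STRENGTH.get(entry.alg) === best)
    .some((entry) => sriHash(body, entry.alg) === entry.value);
}

// Script tag with the digest pinned; crossorigin is needed for cross-origin SRI.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Serialise { directive: [sources] } into a Content-Security-Policy header value.
function buildCsp(directives) {
  return Object.entries(directives)
    .map(([name, sources]) => `${name} ${sources.join(" ")}`)
    .join("; ");
}

const LIB = "window.maskCard = (n) => n.replace(/\\d(?=\\d{4})/g, '*');\n";
const TAMPERED = LIB + "/* constructed extra line standing in for a modified file */\n";
const CSP = buildCsp({
  "default-src": ["'self'"],
  "script-src": ["'self'", "https://cdn.example"],
  "object-src": ["'none'"],
});

console.log("Content-Security-Policy:", CSP);
console.log(scriptTag("https://cdn.example/lib.js", LIB));
console.log("original passes:", verifySri(LIB, sriHash(LIB)));
console.log("modified passes:", verifySri(TAMPERED, sriHash(LIB)));
```

Any change to the served file, however small, changes the digest, so the browser refuses to run it; the CSP header separately limits which origins may supply scripts at all.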