JavaScript security: The importance of prioritizing the client side


In this interview with Help Net Security, Vitaliy Lim, CTO at Feroot, talks about why prioritizing client-side security is so important. The interview focuses on the most common JavaScript threats, the devastating impact of malicious or vulnerable code, and the importance of JavaScript security in the development process.

We’re hearing a lot about JavaScript threats in the news these days. Can you tell us a little bit about these threats and why they’re so dangerous?

JavaScript is a really easy programming language to hack. Hackers and attackers can easily input query strings into the JavaScript code on web applications to access, steal, or contaminate protected data. So, any vulnerable or malicious JavaScript code that ends up in a web application is going to present significant risks to an organization.

In addition, these days most front-end developers assemble web applications from scripts found in third-party libraries. If the code found in the libraries is dangerous—for example, it’s poorly written or intentionally malicious—then the entire JavaScript software supply chain has been compromised. Also, sometimes internal business staff inadvertently place vulnerable JavaScript tags in a sensitive location in the web application—for example near a login where the tag might be able to capture user credentials. Finally, JavaScript is used in approximately 98% of the websites worldwide. This creates a huge attack surface for threat actors.

Read the full interview on HelpNet Security: