Top 5 Vulnerabilities for JavaScript
Get Trained and Stay Ahead of Cybersecurity Threats with Our Vast Library of Application Security Training Content.
Components with Known Vulnerabilities
Some vulnerable components (e.g., framework libraries) can be identified and exploited with automated tools, expanding the threat agent pool beyond targeted attackers to include chaotic actors.
Cross Site Request Forgery
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.
Direct DOM Manipulation XSS
DOM Based XSS is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client-side script so that the client-side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client-side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
Untrusted HTML Rendering XSS
Stored or Persistent Cross-site Scripting (XSS) occurs when the user-supplied input is stored on a web application and then rendered within a web page. Typical entry points are blog comments and user profiles. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a web application or by passing a link to a victim, tricking them into viewing the page that contains the stored XSS payload. When the victim visits the page, the payload is executed client-side by the victim’s web browser.
Untrusted Template Usage
Untrusted templates are 3rd party templates that can be imported into a web application from external sources and may contain vulnerable code.
Ready to get started?
Experience the full Kontra platform and see what it can do for you and your team.
