Reputation: 7370
We are going to design and implement a UI for a big website. The owner of the site is really cautious about security issues. I wonder if there is a checklist of client-side security recommendations to follow when designing and coding in JavaScript.
Upvotes: 4
Views: 946
Reputation: 39650
You may use the OWASP guide as a start. It offers a suite of tests that you can systematically use to check your application for common vulnerabilities.
Web application pen testing is a buzzword for what you are trying to achieve. Scan the net for automated tools and background information.
Edit:
You mentioned that not only the client side is your concern, but the overall security of the entire application including the server. My advice would be that if you have never done a security assessment of an application before, your boss/the owner of the site should probably consider hiring an external company/consultant for the job. They will do the job for less than it would probably cost if you and your team had to learn the details first. Plus, they have the advantage of having done this over and over again, so they are much less likely to overlook important details.
Upvotes: 5
Reputation: 962
JavaScript can easily be tricked. You need to build a system where the server side has all the security and the client side only acts as an interface, similar to a browser.
Encrypting using a strong security certificate is also an option you may consider.
Upvotes: 1
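To illustrate the point in the last answer that the server must hold all the security, here is an added example that is not part of any answer above: a server-side order handler that treats everything sent by the browser as untrusted. The function name `placeOrder`, the catalog, the session store and the sample requests are all hypothetical and constructed for this sketch.

```javascript
// Server-side order handler (added illustration; all names are hypothetical).
// Everything in `body` comes from the browser and may have been altered,
// whatever checks the page's own JavaScript performed before sending it.

// Server-held data: the only source of truth for prices and permissions.
const CATALOG = new Map([["sku-100", 1999], ["sku-200", 4950]]); // cents, constructed
const SESSIONS = new Map([["sess-abc", { userId: 7, role: "customer" }]]); // constructed

function placeOrder(sessionId, body) {
  // Identity and role come from the server's session store, never from the body.
  const session = SESSIONS.get(sessionId);
  if (!session) return { status: 401, error: "not authenticated" };

  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { status: 400, error: "malformed body" };
  }
  // Re-validate every field on the server, even if the form already did.
  const { sku, quantity } = body;
  if (typeof sku !== "string" || !CATALOG.has(sku)) {
    return { status: 400, error: "unknown sku" };
  }
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return { status: 400, error: "invalid quantity" };
  }
  // Client-supplied price, total, discount or role fields are ignored:
  // the total is recomputed from server-side data.
  const totalCents = CATALOG.get(sku) * quantity;
  return { status: 200, order: { userId: session.userId, sku, quantity, totalCents } };
}

// Constructed requests: one honest, two with client-side values changed.
const honest = placeOrder("sess-abc", { sku: "sku-100", quantity: 2, price: 1999 });
const altered = placeOrder("sess-abc", { sku: "sku-200", quantity: 1, price: 1, role: "admin" });
const badQty = placeOrder("sess-abc", { sku: "sku-100", quantity: -5 });
console.log(honest, altered, badQty);
```

Client-side validation can stay in the UI for usability; the server result is the same whether or not it ran.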