The 9th item on the OWASP Top 10 is A9 – Insufficient Transport Layer Protection. This is mostly a browser-to-server and server-to-server issue.
The 8th item on the OWASP Top 10 is A8 – Failure to Restrict URL Access. This one is kind of interesting, as what you see in the browser and what you see on the server are more often than not two very different things in JavaScript-driven web apps. This is especially true for single-page web apps.
This post describes how OWASP Top 10 – A7: Insecure Cryptographic Storage affects JavaScript applications. This is a wide category which covers a lot more than this blog post. I’ll try to focus on the aspects that often occur in applications that rely heavily on JavaScript.
The vulnerability known as A5 – Cross-Site Request Forgery (CSRF) has many names including session riding and one-click attack. It’s a blind attack in the sense that the attacker is not directly attacking the application, but rather tricks a user into doing the attack for him. In this article we’ll look at what’s going on, how to fix it and also look at an attack specific to single page web applications.
How do A4 – Insecure Direct Object References apply to JavaScript? Well, it all depends on how the system was formed, but this is very likely to become a problem in pure JavaScript apps. Read on for an explanation of why. But first, this is the risk rating from OWASP: Threat Agents Attack Vectors Security [...]
Cross-site Scripting – or XSS – is probably one of the most common and one of the most difficult problems to fully mitigate. At first it seems simple, but as contexts grow in complexity and the amount of code grows, it gets harder to discover all the different sinks.
Injection problems usually occur whenever unsanitized user data is concatenated with a static template to build a structure (typically a query of some kind).