Turns out that I did not figure out any of these vulnerabilities which means that I have been shipping vulnerable code all this time 😬Thanks for the awesome tuts. Time to debug prod 😅

Finally!!!!!!! Just the tutorial I was looking for learning code review. As a security researcher and CTF player, this is a very Vital skill one should master. Or at least try to learn basic Thanks a lot ❤️

I really enjoyed your coding style, the clarity in presenting scenarios, and your explanations. I look forward to watching more of your videos. Additionally, I believe it's crucial to stay informed about security topics, especially given their significance in today's landscape.

Does this guy have a course online? What a teacher

Some common security vulnerabilities in JavaScript include Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). These vulnerabilities can be addressed by following correct development techniques, implementing the same origin policy, and using tools like JavaScript security testing tools and GuardRails for automated security testing. It is important for developers to remain proactive and defensive in securing their JavaScript applications to prevent malicious attacks and keep the web safe.

Giving examples is a good idea you should give more of them in your courses

Thanks for including proper error management in the second example. I so often see during my tests apps sending global 200's or 500's - not really taking the time to correctly management them -> thus poor having logging information. Many teams should watch this video. Cheers.

Thank you, this was a great refresher. 😃👍

Please change the color of your comment. I can't read it on a black screen, but otherwise you have a fantastic video.

understood nothing but loved it! Watched almost 9 minutes of this tut, will come back later after learning the basics of js. Still trying to make a tic-tac-toe game> Wish me luck!

Very nice + quick intro to secure code review!

Awesome video as always. Would love to see more videos about cyber security/ethical hacking/pentesting!!

Good one. Would like to see more on this.

wow, amazing quick fire tips, thanks

That was an incredible tutorial, thank you very much for share with us.

That is so helpful. Thank you!

Looking forward for more videos like this.. it's lit💥

Great idea, would be really cool to increase font size and install more contrast theme just for the video, because I can't see comments from my phone and barely can read other code. But nevertheless, thanks!

The last could be IDOR i mean we can use anothers user ID or others user email, btw learning about JS security

Really nice tutorial with how simple modifications make difference in code. But next time please use a different color for code comments. Grey on grey background makes it really hard to read.

Thank you so much, this is incredible!

Thank you for this amazing video! Very informative.

Super nice interview questions :)

Great video, thanks!

Thank you Brandon ❤

Nice explanation! thanks :)

Short n sweet! ❤

great video about security information

Awsome keep the serious long please

thanks man! you are good

Nice. Thank you for that. Can you do a vid on incorporating 2FA/MFA? Preferably something you can do for free with only something you control. I.E. no dependancy on servers you don't control.

Amazing course. Thank you sooooooo much for publishing it. Very usefull.

Please make a similar video for solidity . I would say it would help if fcc can upload the famous Secureum Bootcamp for Smart Contract Security Auditing...... it would be very beneficial 🙏

Branden teaching Brendan's language 🎉

You re all stars

Damn this was a cool video. The === surprised me

Thanks for this !! Very informative

About the Mass Assignment Attack, it seems like you've only made it more challenging for the attacker without completely preventing the attack. This is because req.body.username can still contain any value. I believe it's necessary to validate the data you receive in addition to the measures you've taken to enhance security.

Can you guys do a RPA Development Tutorial?

Timing attacks make sense

for the first one, an attacker can enter a https link which links to his unsafe website and then execute code, isn't that unsafe too?

Let's always do alot of good ❤️

Can we get more of these? Does Brandon has a channell?

what about server side validation? since client side is exposed to end user

Please launch a internet of things course

Vue doesn’t have this issue because it prescribes a router for you to use that has param / query sanitization built in.

In 14:35, in this case won't we get an error before even entering the find method? because the request's body is in JSON format but the username is an object that can't be inserted into the request's body.

Gold Bro!

19:07 Number 8 is missing the intro/explanation part

This guy is literally Ryan from The Office

Very nice.

Are these videos allowed to download?

I heard search Param, saw redirect and started laughing 😂😂😂

Does he have a KZbin channel?

what the heck is that hand in the thumbnail of this video

Great tutorial, but most of vulnerabilities you've talked about are not really vulnerabilities, this video should be renamed to some bug you may have in your project

Please upload android development full course using kotlin

Excelente

I don't get the first vulnerability. Since when is just clicking links dangerous ? What can a malicious js code running in browser do at worst ?

great euy

it's easy af

Bioshock Infinite ❤

i found 1'

👍👍

Brasil em peso😂

2 hours

🔥🤩

"Do not trust the client"

First comment yay

waw :000

First 🥇

I mean..... Angular exists for a reason..