{"id":19703123,"url":"https://github.com/danieldanielecki/javascript-security-engineering","last_synced_at":"2025-05-07T11:16:02.071Z","repository":{"id":119243837,"uuid":"377742411","full_name":"danieldanielecki/JavaScript-Security-Engineering","owner":"danieldanielecki","description":"JavaScript Security Engineering (Helicopter View) workshop, crafted for 3 hours with a bunch of demos","archived":false,"fork":false,"pushed_at":"2021-09-02T07:06:49.000Z","size":19903,"stargazers_count":4,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-05-07T11:15:27.877Z","etag":null,"topics":["angular","compiler","cross-origin-resource-sharing","cross-site-scripting","firebase-security","helmet","helmetjs","javascript","javascript-security","react","reactjs","security","serverless-security","svelte","svelte3","sveltejs","typescript","vue","vuejs","web-security"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danieldanielecki.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-06-17T07:26:47.000Z","updated_at":"2023-09-20T11:43:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"2310452a-56d9-445a-8362-e8b888d947f1","html_url":"https://github.com/danieldanielecki/JavaScript-Security-Engineering","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danieldanielecki%2FJavaScript-Security-Engineering","ta
gs_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danieldanielecki%2FJavaScript-Security-Engineering/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danieldanielecki%2FJavaScript-Security-Engineering/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danieldanielecki%2FJavaScript-Security-Engineering/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danieldanielecki","download_url":"https://codeload.github.com/danieldanielecki/JavaScript-Security-Engineering/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252865630,"owners_count":21816309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["angular","compiler","cross-origin-resource-sharing","cross-site-scripting","firebase-security","helmet","helmetjs","javascript","javascript-security","react","reactjs","security","serverless-security","svelte","svelte3","sveltejs","typescript","vue","vuejs","web-security"],"created_at":"2024-11-11T21:17:02.034Z","updated_at":"2025-05-07T11:16:02.035Z","avatar_url":"https://github.com/danieldanielecki.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# JavaScript Security Engineering\n\nThis repository is for my JavaScript Security Engineering 2.5-hour workshop with demos around\n\n## Feedback\n\nLots of information; the JWT part has 1 slide to improve regarding what \"RS\" (apparently that's a hashing algorithm, not a signature algorithm) and \"256\" (it's just the length) mean 
exactly according to definitions.\n\nAlso in JWT, PKC is so expensive in computation that asymmetric and symmetric crypto are combined, so it's not like symmetric crypto is not being used.\n\nThe crypto topic could've been covered in more depth, but that would have made for an even longer talk. Generally speaking, each of those topics can be a separate conference talk.\n\nFrom a web security point of view, only SQL injection was missing, but it wasn't closely related to JavaScript, which is why it was skipped.\n\nDon't know why `csrfCookie \u0026\u0026 csrfHeader \u0026\u0026 csrfCookie === csrfHeader` is set like this in the CSRF example, not just `csrfCookie === csrfHeader`. In addition to that, it'd pass if both were undefined; then we'd have `undefined === undefined`.\n\nAs written, in the CSP subfolder, something different than blocking a POST request could've been shown to differentiate better between CORS and CSP. Maybe `unsafe-inline` might be an interesting case.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanieldanielecki%2Fjavascript-security-engineering","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanieldanielecki%2Fjavascript-security-engineering","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanieldanielecki%2Fjavascript-security-engineering/lists"}