

5 Dangers Of JavaScript | Web Development Basics


JavaScript has been one of the most popular languages in recent years

and it is being extensively used when developing Web Applications on both the Client Side and Server Side.

With its increase in popularity, JavaScript has also been used increasingly when developing Desktop Software and Mobile Applications.

That being the case, it has also become the target of a huge number of hackers,

who are more than happy to attack any little crack that they are able to find

in Websites, Web Applications or Infrastructure that use JavaScript.

In this Article, we will be going over 5 major dangers

  • Source Code Vulnerability
  • Widespread Thoughtless and Unverified use of NPM / Public Packages
  • Malicious Code Execution Attacks
  • Data Validation with JavaScript on its own on the Client Side
  • Extensive Use of Cookie based storage of Session Data

that stem from JavaScript inherently

or because of thoughtless use of JavaScript everywhere, even in places where it is not required.

So, without further ado, let’s get started!




Source Code Vulnerability | Dangers Of JavaScript

Source Code Vulnerability is a term usually used to define a flaw or a loophole that exists in the Source Code,

which if misused by nefarious entities like hackers, can lead to unintended consequences like Loss of

  • Private Consumer info – Email Address, Physical Address, Financial Details, etc.
  • Confidential Information – Medical Records
  • Proprietary, Undisclosed, or Internal Company Technologies – R&D Documents
  • Company’s Other Source Codes – Them Being Leaked To Public
  • and much more

These sorts of situations can also have severe legal implications

so it is extremely necessary to get ahead of such vulnerabilities and solve them as soon as possible.

Now, the problem with JavaScript or almost all the Scripting languages is that

They are Interpreted Languages and not Compiled languages.

Because of this, it becomes literally impossible to protect the JavaScript Code

as you are literally giving the code you wrote to the users of your software or applications in plain text

or in a format that can be easily Interpreted and converted to plain text.

This means that they will be able to try and test various exploits

and with JavaScript being as powerful as it is,

you can just imagine the kind of hell that such nefarious entities can let loose with a little dedication on their part.

Of course, people who are invested in trying to make their source code more secure

have come up with techniques like Code Obfuscation,

which, to be completely honest, while much better than just giving your code in a human readable form,

is just a Band-Aid which will slow down the hackers as they try to de-obfuscate the said Obfuscated Code

but finally such a method will not do anything to stop a dedicated person.


Widespread Thoughtless and Unverified use of NPM / Public Packages | Dangers Of JavaScript

Another extremely unsettling point about the increase of use of JavaScript

is, as the heading says, the Widespread Thoughtless and Unverified use of such public packages.

Now, I have no problem with NPM or Public Packages, Not at all,

I actually love the flourishing community which leads the development of such public packages

and who spend their own valuable time and talent which they could use to earn more for their families

But what I hate is the Unverified use of such packages.

That the Security of your software and consumers needs to be of utmost importance is something I strongly believe in

And when Unverified use of such public packages is done,

you are using another person’s code in your infrastructure

and somehow believing that such code does not contain anything obviously or not so obviously nefarious.

All in all, what I hope for the future is that developers using JavaScript or any other languages

will be cautious, and check and check a couple more times,

the public packages that they intend to use in their software and applications,

to make sure that they behave in the way they were expected to and do so securely.

I also hope that they would regularly verify the integrity of such public packages

to make sure that these packages are being maintained regularly with bug fixes for any known vulnerabilities

And if not, then they should as soon as possible find or develop appropriate alternatives

and move their infrastructure away from such packages.
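
One way to make part of that checking mechanical, as an added example (not code from the original article): audit a `package-lock.json` for entries that lack an integrity hash or are fetched from an unexpected host, and verify downloaded bytes against the recorded hash. The package names, the mirror URL and the tarball bytes are constructed for illustration, and only single-hash integrity values are handled.

```javascript
const { createHash } = require("crypto");

// Verify bytes against a lockfile "integrity" value such as "sha512-<base64>".
function verifyIntegrity(tarballBytes, integrity) {
  const dash = integrity.indexOf("-");
  const algo = integrity.slice(0, dash);
  const expected = integrity.slice(dash + 1);
  if (!["sha256", "sha384", "sha512"].includes(algo)) return false; // refuse weak or unknown hashes
  return createHash(algo).update(tarballBytes).digest("base64") === expected;
}

// Flag lockfile entries that are unpinned, weakly hashed, or fetched from unexpected places.
function auditLockfile(lock, allowedHost = "registry.npmjs.org") {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project itself
    if (!pkg.integrity) findings.push(`${path}: no integrity hash`);
    else if (pkg.integrity.startsWith("sha1-")) findings.push(`${path}: sha1 integrity`);
    let url;
    try { url = new URL(pkg.resolved); } catch { findings.push(`${path}: no registry URL`); continue; }
    if (url.protocol !== "https:" || url.host !== allowedHost)
      findings.push(`${path}: resolved from ${url.protocol}//${url.host}`);
  }
  return findings;
}

// Constructed sample data: a fake tarball and a two-package lockfile.
const SAMPLE_TARBALL = Buffer.from("constructed tarball bytes");
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/good-pkg": {
      resolved: "https://registry.npmjs.org/good-pkg/-/good-pkg-1.0.0.tgz",
      integrity: "sha512-" + createHash("sha512").update(SAMPLE_TARBALL).digest("base64"),
    },
    "node_modules/odd-pkg": { resolved: "http://mirror.example/odd-pkg-2.0.0.tgz" },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```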


Malicious Code Execution Attacks | Cross-Site Scripting (XSS) | Dangers Of JavaScript

Malicious Code Execution / Injection Attacks are one of the most dangerous and nefarious uses of JavaScript

with XSS, i.e. Cross Site Scripting, being the most well known sort of such attack.

The issue with JavaScript is how it allows the manipulation of the DOM, i.e. the Document Object Model,

and how this can be used by hackers to perform Cross Site Scripting Attacks

as JavaScript allows scripts to be Embedded and Executed on the visitor’s computer.

In Layman’s terms, Cross Site Scripting is an attack where hackers try to inject a piece of their own code

into Trusted Websites like Youtube or Twitter,

in order to run their script / code on the computers of visitors of such trusted websites.

They will usually do so in places where people can Input Data, e.g. Twitter Bio, Blog Comments, Search Boxes, etc.

And if such input fields are Not Correctly Sanitized with correct Validation, Filtering and Escaping of User Inputs

these input fields can allow hackers to inject their Malicious Code into a Trusted Website.

Once such code has been injected, whenever anyone from the internet reaches such an Infected Webpage

or based on other criteria set by the hacker, this Malicious code will be executed.

This sort of Malicious Code can be used to

  • Steal Sensitive and Confidential Information from Database
  • Hijack User Session Tokens
  • Utilize Credentials to access other sites
  • Steal Cookies
  • Browsing Details
  • and much more

as that is just how powerful JavaScript is and if caution is not maintained while using it,

it can be one of the most destructive things on the internet.
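
The Validation and Escaping mentioned above, as an added example (not code from the original article): the same blog comment rendered without and with output escaping, plus a check for a user-supplied link. The function names and the sample comment are constructed for illustration.

```javascript
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape the five characters that can change HTML structure in text or quoted attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// VULNERABLE: user input is concatenated straight into markup.
function renderCommentUnsafe(comment) {
  return `<li title="${comment.author}">${comment.text}</li>`;
}

// HARDENED: every user-controlled value is escaped before it reaches the page.
function renderCommentSafe(comment) {
  return `<li title="${escapeHtml(comment.author)}">${escapeHtml(comment.text)}</li>`;
}

// Validation for a URL field: allow only http(s) links, anything else becomes "#".
function safeHref(raw) {
  try {
    const url = new URL(raw);
    return ["http:", "https:"].includes(url.protocol) ? url.href : "#";
  } catch {
    return "#";
  }
}

// Constructed input: a comment whose author and text try to break out of their context.
const SAMPLE_COMMENT = {
  author: 'vp" onmouseover="alert(1)',
  text: "<script>alert(1)</script>",
};

console.log(renderCommentUnsafe(SAMPLE_COMMENT)); // markup now contains a live <script> element
console.log(renderCommentSafe(SAMPLE_COMMENT));   // the same input shown as inert text
```

In browser code, assigning user input to `textContent` instead of `innerHTML` gives the same protection for text nodes without a hand-written escaper.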



Data Validation with JavaScript on its own on the Client Side | Dangers Of JavaScript

Performing Data Validation only on the Client Side and not doing any Data Validation on the Server Side

is one of the most foolish things that a JavaScript Developer or literally any developer can do.

As JavaScript is run directly on the client’s computer, it is incredibly susceptible to attacks

which would Manipulate Function Responses or Outright Bypass The Client Side Validation that was ideally supposed to have happened.

On top of that, hackers also have access to Specialized Tools

which can make these tasks Quick and Easy for them in ideal situations

where their tools are made to bypass ill-maintained public packages used by a lot of people.

To prevent this from happening, you just need to do Data Validation on both Client and Server Side.

Doing so will not only keep the snappy response that the end users want

for immediate issues with their inputs because of Client Side Data Validation

But it will also make sure that no Erroneous, False, Corrupted or Unexpected data

can enter your secure system because of Server Side Data Validation.
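
Validation on both sides, as an added example (not code from the original article): one rule set that the browser can run for instant feedback and that the server runs again before accepting anything. The field names, limits and sample request bodies are constructed for illustration.

```javascript
// One rule per field; both the form script and the server import the same object.
const SIGNUP_RULES = {
  email: (v) => typeof v === "string" && v.length <= 254 && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v),
  age: (v) => Number.isInteger(v) && v >= 13 && v <= 120,
  username: (v) => typeof v === "string" && /^[a-z0-9_]{3,20}$/.test(v),
};

// Returns { ok, errors, value }. Fields without a rule are dropped rather than trusted.
function validateSignup(input) {
  const errors = [];
  const value = {};
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return { ok: false, errors: ["body must be an object"], value };
  }
  for (const [field, rule] of Object.entries(SIGNUP_RULES)) {
    if (rule(input[field])) value[field] = input[field];
    else errors.push(`invalid ${field}`);
  }
  return { ok: errors.length === 0, errors, value };
}

// Server side: parse the raw body and validate again, whatever the client already checked.
function handleSignupRequest(rawBody) {
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch {
    return { status: 400, errors: ["malformed JSON"] };
  }
  const result = validateSignup(parsed);
  return result.ok
    ? { status: 201, user: result.value }
    : { status: 422, errors: result.errors };
}

// Constructed requests: one from the real form, one sent directly with the form checks skipped.
const HONEST_BODY = '{"email":"a@example.com","age":30,"username":"vp_dev"}';
const BYPASS_BODY = '{"email":"not-an-email","age":"30","username":"x","isAdmin":true}';

console.log(handleSignupRequest(HONEST_BODY));
console.log(handleSignupRequest(BYPASS_BODY));
```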


Extensive Use of Cookie based storage of Session Data | Dangers Of JavaScript

Cookies are used by Website or Web Application Developers to store various sorts of data on the Client Computer

and with how powerful JavaScript is, you should already be able to guess what can happen.

If appropriate precaution is not taken, JavaScript can basically access all the information that is sent by the Web Server to the Client Computer.

This information includes every piece of data in Cookies, Local Storage and Session Storage of the Web Browser.

Now, as nothing is practically secure in any of these locations from JavaScript,

just imagine what will happen when a huge number of developers think that

It is a great idea to store Session Data in these locations.

The answer is actually pretty simple, hackers will use their malicious scripts

to Steal this Session Data and Hijack the Session

And then what? Well, They do whatever they want!

As they are now legitimately logged in to your account with your Verified Session Data.
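
One precaution for the cookie case, as an added example (not code from the original article): issue the session cookie with attributes that keep it out of reach of page scripts, and audit `Set-Cookie` headers for the ones that are missing. The cookie name `__Host-sid` and the sample headers are constructed for illustration; Local Storage and Session Storage have no equivalent of `HttpOnly`.

```javascript
// Build a Set-Cookie value for a session identifier generated on the server.
function buildSessionCookie(sessionId, maxAgeSeconds = 3600) {
  return [
    `__Host-sid=${encodeURIComponent(sessionId)}`, // __Host- prefix: needs Secure, Path=/, no Domain
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
    "HttpOnly",     // not exposed through document.cookie
    "Secure",       // only sent over HTTPS
    "SameSite=Lax", // withheld on most cross-site requests
  ].join("; ");
}

// Report which protective attributes a Set-Cookie header lacks.
function auditSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const names = attrs.map((attr) => attr.split("=")[0].toLowerCase());
  const missing = ["httponly", "secure", "samesite"].filter((flag) => !names.includes(flag));
  return { name: pair.split("=")[0], missing };
}

// Constructed headers: one readable by any script on the page, one hardened.
const WEAK_HEADER = "session=abc123; Path=/";
const HARDENED_HEADER = buildSessionCookie("constructed-session-id");

console.log(auditSetCookie(WEAK_HEADER));     // all three attributes missing
console.log(auditSetCookie(HARDENED_HEADER)); // nothing missing
```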


Conclusion

Well Folks! That does it for this article about the Dangers of JavaScript.

If you are a JavaScript Developer, I hope that you will try your best to keep your software and applications secure.

Have a Great Day and See you in the Next Article!


Goodbye For Now,
This is your host VP
Signing Off.


