How Protected Is The JavaScript On Your Web Page?

When the internet was first created it was not expected to be a place that you would have to worry about items such as security.

It was thought that the openness of the web would lead to people being able to learn from each other and so far that has been true.

This is why on any browser, if you want to see how a web page is built, all you have to do is hit the view source button and you will be able to see the source code for yourself.

Viewing Javascript On A Page Is Easy

The same thing is true with the JavaScript on the web page.

If you want to see how a web designer is able to do a neat trick on the web page you can openly view the source code for JavaScript as well.

But this openness has lead to security problems too.

So, before you release your web page to the public, you should check the JavaScript on the site and make sure that it is secured.

On a normal program or on web sites that has most of their business logic on the server portion of the site it takes an attacker a long time to be able to find an exploit.

They either have to reverse engineer the program or run a lot of tests to see where the weak spots are.

When it comes to JavaScript on a web page, it is a lot easier to find a weakness.

The source code is right on the page so any skilled person can just take that and read it.

Plug The Javascript Security Hole

There are a couple of ways that you can stop your JavaScript from being the hole in your web site security.

None of these techniques are fool proof but at least it will make it a lot harder for someone to be able to exploit your web page.

The first thing that you can do to make sure that someone is not able to exploit your JavaScript code on the page is to place all important business logic on the server.

You can have the parts of the JavaScript that interact with the design of the web page still in the normal spot but anything that relates to business logic and security should be written in a different language.

With the power of Ajax you are able to use the JavaScript and interact with a server language such as PHP.

This will help fill a lot of the holes.

Also, another way that you can make sure that your JavaScript is the not the weak point in your web page is to use obfuscation techniques.

There are programs that will take your JavaScript and make it so that the source code is hard to read but you are still able to run it on a web page.

Again, this is not a surefire method for security but it is able to keep most of the bad guys from being able to exploit your code.

When it comes to JavaScript on the web page, you must be careful.

You do not want it to be the reason why your web site is hacked.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Trackbacks

  1. […] spot a security hole then your visitors can be put at risk. A hacker can easily use a hole in your JavaScript to be able to attack your site. This is especially true if you’re using AJAX techniques.As a web […]

  2. […] people might confuse the programmability of Javascript with […]

  3. […] This post was mentioned on Twitter by Chad Choron, Gutenbyte. Gutenbyte said: How Protected Is The JavaScript On Your Web Page?: You can have the parts of the JavaScript that interact wi… http://tinyurl.com/33ajszy […]

Speak Your Mind

*