Checkmarx/JS-SCP repository layout (VERSION 0.2.8):

├── .editorconfig
├── .gitignore
├── CONTRIBUTING.md
├── LICENSE
├── README.md
├── VERSION
├── book.json
├── dist
│   ├── js-webapp-scp.epub
│   ├── js-webapp-scp.mobi
│   └── js-webapp-scp.pdf
├── npm-shrinkwrap.json
├── package.json
└── src
    ├── GLOSSARY.md
    ├── LICENSE
    ├── README.md
    ├── SUMMARY.md
    ├── access-control
    │   └── README.md
    ├── authentication-password-management
    │   ├── README.md
    │   ├── communicating-authentication-data.md
    │   ├── other-guidelines.md
    │   ├── password-policies.md
    │   └── validation-and-storage.md
    ├── communication-security
    │   ├── README.md
    │   └── ssl-tls.md
    ├── cover.jpg
    ├── cover_small.jpg
    ├── cryptographic-practices
    │   ├── README.md
    │   └── pseudo-random-generators.md
    ├── data-protection
    │   ├── README.md
    │   └── files
    │       └── cB52MA.jpeg
    ├── database-security
    │   ├── README.md
    │   ├── authentication.md
    │   ├── connections.md
    │   ├── parameterized-queries.md
    │   └── stored-procedures.md
    ├── error-handling-logging
    │   ├── README.md
    │   ├── error-handling.md
    │   └── logging.md
    ├── file-management
    │   └── README.md
    ├── general-coding-practices
    │   ├── README.md
    │   ├── concurrency.md
    │   ├── content-security-policy.md
    │   ├── dependencies.md
    │   ├── interpreted-code-integrity.md
    │   └── sandboxing.md
    ├── howto-contribute.md
    ├── input-validation
    │   ├── README.md
    │   ├── data-sources.md
    │   ├── data-types
    │   │   ├── files.md
    │   │   ├── numbers.md
    │   │   └── strings.md
    │   ├── post-validation-actions.md
    │   ├── sanitization.md
    │   └── validation.md
    ├── memory-management
    │   └── README.md
    ├── output-encoding
    │   ├── README.md
    │   ├── cross-site-scripting
    │   │   ├── README.md
    │   │   ├── client-xss.md
    │   │   ├── how-to-prevent.md
    │   │   ├── images
    │   │   │   ├── angular-xss.png
    │   │   │   ├── react-href.png
    │   │   │   ├── react-xss.png
    │   │   │   └── xss-alert.png
    │   │   └── server-xss.md
    │   └── database
    │       ├── README.md
    │       ├── nosql-injection.md
    │       └── sql-injection.md
    ├── session-management
    │   ├── README.md
    │   └── images
    │       ├── browser-set-cookie.png
    │       ├── database-session-entry.png
    │       └── session-flow.png
    └── system-configuration
        └── README.md

File contents (files whose content is not reproduced here are given by their raw URL):

/.editorconfig:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/.editorconfig

/.gitignore:
node_modules/
npm-debug.log
_book
*.swp

/CONTRIBUTING.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/CONTRIBUTING.md

/LICENSE:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/LICENSE

/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/README.md

/VERSION:
0.2.8

/book.json:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/book.json

/dist/js-webapp-scp.epub:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/dist/js-webapp-scp.epub

/dist/js-webapp-scp.mobi:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/dist/js-webapp-scp.mobi

/dist/js-webapp-scp.pdf:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/dist/js-webapp-scp.pdf

/npm-shrinkwrap.json:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/npm-shrinkwrap.json

/package.json:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/package.json

/src/GLOSSARY.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/GLOSSARY.md

/src/LICENSE:
(empty file)

/src/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/README.md

/src/SUMMARY.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/SUMMARY.md

/src/access-control/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/access-control/README.md

/src/authentication-password-management/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/authentication-password-management/README.md

/src/authentication-password-management/communicating-authentication-data.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/authentication-password-management/communicating-authentication-data.md

/src/authentication-password-management/other-guidelines.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/authentication-password-management/other-guidelines.md

/src/authentication-password-management/password-policies.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/authentication-password-management/password-policies.md

/src/authentication-password-management/validation-and-storage.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/authentication-password-management/validation-and-storage.md

/src/communication-security/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/communication-security/README.md

/src/communication-security/ssl-tls.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/communication-security/ssl-tls.md

/src/cover.jpg:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/cover.jpg

/src/cover_small.jpg:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/cover_small.jpg

/src/cryptographic-practices/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/cryptographic-practices/README.md

/src/cryptographic-practices/pseudo-random-generators.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/cryptographic-practices/pseudo-random-generators.md

/src/data-protection/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/data-protection/README.md

/src/data-protection/files/cB52MA.jpeg:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/data-protection/files/cB52MA.jpeg

/src/database-security/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/database-security/README.md

/src/database-security/authentication.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/database-security/authentication.md

/src/database-security/connections.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/database-security/connections.md

/src/database-security/parameterized-queries.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/database-security/parameterized-queries.md

/src/database-security/stored-procedures.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/database-security/stored-procedures.md

/src/error-handling-logging/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/error-handling-logging/README.md

/src/error-handling-logging/error-handling.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/error-handling-logging/error-handling.md

/src/error-handling-logging/logging.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/error-handling-logging/logging.md

/src/file-management/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/file-management/README.md

/src/general-coding-practices/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/README.md

/src/general-coding-practices/concurrency.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/concurrency.md

/src/general-coding-practices/content-security-policy.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/content-security-policy.md

/src/general-coding-practices/dependencies.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/dependencies.md

/src/general-coding-practices/interpreted-code-integrity.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/interpreted-code-integrity.md

/src/general-coding-practices/sandboxing.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/general-coding-practices/sandboxing.md

/src/howto-contribute.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/howto-contribute.md

/src/input-validation/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/README.md

/src/input-validation/data-sources.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/data-sources.md

/src/input-validation/data-types/files.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/data-types/files.md

/src/input-validation/data-types/numbers.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/data-types/numbers.md

/src/input-validation/data-types/strings.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/data-types/strings.md

/src/input-validation/post-validation-actions.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/post-validation-actions.md

/src/input-validation/sanitization.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/sanitization.md

/src/input-validation/validation.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/input-validation/validation.md

/src/memory-management/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/memory-management/README.md

/src/output-encoding/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/README.md

/src/output-encoding/cross-site-scripting/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/README.md

/src/output-encoding/cross-site-scripting/client-xss.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/client-xss.md

/src/output-encoding/cross-site-scripting/how-to-prevent.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/how-to-prevent.md

/src/output-encoding/cross-site-scripting/images/angular-xss.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/images/angular-xss.png

/src/output-encoding/cross-site-scripting/images/react-href.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/images/react-href.png

/src/output-encoding/cross-site-scripting/images/react-xss.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/images/react-xss.png

/src/output-encoding/cross-site-scripting/images/xss-alert.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/images/xss-alert.png

/src/output-encoding/cross-site-scripting/server-xss.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/cross-site-scripting/server-xss.md

/src/output-encoding/database/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/database/README.md

/src/output-encoding/database/nosql-injection.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/database/nosql-injection.md

/src/output-encoding/database/sql-injection.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/output-encoding/database/sql-injection.md

/src/session-management/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/session-management/README.md

/src/session-management/images/browser-set-cookie.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/session-management/images/browser-set-cookie.png

/src/session-management/images/database-session-entry.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/session-management/images/database-session-entry.png

/src/session-management/images/session-flow.png:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/session-management/images/session-flow.png

/src/system-configuration/README.md:
https://raw.githubusercontent.com/Checkmarx/JS-SCP/HEAD/src/system-configuration/README.md