
Secure Coding 101: JavaScript

Learn how to improve your JavaScript code's security through Code Review, Static/Dynamic Analysis, Vulnerability Identification, and Patching.


Created by 21y4d

Hard Defensive


In the Secure Coding 101: JavaScript Module, you will learn how to improve the security of your JavaScript code by reverse engineering advanced JavaScript obfuscation functions, identifying hard-to-find vulnerabilities, and learning how to patch them properly.

This module is ideal for JavaScript developers looking for ways to improve their code's security and their overall secure coding abilities.

This module also introduces you to the basics of JavaScript malware deobfuscation and reversing so that you can statically analyze malware written in JavaScript.

In these modules, you will learn the basics of secure coding, starting with how to review JavaScript code, analyze it, and reverse its functions. Once you have reviewed the JavaScript code, you will begin to identify potential vulnerabilities and eventually patch the code to ensure it is well secured.

You will be learning skills in Code Review and Secure Coding, as follows:

Code Review:

  • JavaScript code analysis
  • Unpack multiple layers of packed JavaScript code
  • Detect and remove injected dead code
  • Reverse engineering advanced JavaScript obfuscation methods
  • JavaScript Static and Dynamic Analysis, using VSCode and browser Developer Tools

Secure Coding:

  • Identifying common security issues made in JavaScript code
  • Identifying a command injection vulnerability in JavaScript code
  • Identifying an advanced Cross-Site Scripting (XSS) vulnerability
  • Verifying the existence of the vulnerability
  • Patching the identified errors and vulnerabilities


We recommend taking the JavaScript Deobfuscation module before starting this one. It covers the basics of Code Obfuscation and Deobfuscation and gives you a solid foundation to build upon in this module.

Finally, as you will be reviewing JavaScript code, you are expected to have a basic ability to read and understand code written in JavaScript. Having said that, as this is the first module in the Secure Coding path, the scripts you will be securing will not be overly complicated and will only require basic JavaScript code reading skills.


In Secure Coding, we start by reviewing the codebase to understand the main functionality of the code. After that, we start looking for potentially vulnerable functions that have direct/indirect user control over them and analyze them to see whether they are vulnerable. Before we start, here is the general structure we will follow in the module.

We will discuss two main topics, Code Review and Secure Coding, as follows:

Code Review

  1. Code Analysis
  2. Reverse Engineering

Secure Coding

  1. Vulnerability Identification
  2. Proof of Concept
  3. Code Evaluation
  4. Code Patching

Processes like this, in which we analyze the source code and check for vulnerabilities, often occur in Whitebox penetration tests, where our customer discloses everything necessary for the penetration test (or at least most of it). If we find such vulnerabilities during our penetration test, we have to teach our customers how to close them.
