Hi, I am looking for a list of JavaScript security tools. I would like to know what is out there so that I can suggest them to my development teams. Here is a short list of what I have found today:

- JSLint.VS - JavaScript Verifier for Visual Studio (http://www.codeproject.com/Articles/21438/JSLint-VS-JavaScript-Verifier-for-Visual-Studio)
- Google Caja: https://code.google.com/p/google-caja/
- AdSafe: http://adsafe.org/ Very restrictive, but safe.
- JSLINT: http://JSLINT.com defines a safe HTML and JavaScript subset.
- JSGREP: https://github.com/facebook/jsgrep
- Firebug: http://getfirebug.com/

Can you please suggest others? Open source or not? Thanks!
What exactly do you consider a "JavaScript security tool"? Most of what you have up there are buffers that allow you to run third-party scripts on your own site without the worry that they will infect your site with malicious code. When I hear "security tools" I assume you mean some type of analysis program that would look for security holes in the site. But from the list you posted so far I am confused as to what you are actually looking for.
Hi Feral, thanks for your reply. Yes, I understand that the tools I mentioned wouldn't be considered security tools, and I guess that is my point. I am not sure if there are any "security" tools out there for developing in JavaScript. And yes, there are plenty of tools that can exploit JS on websites, but what I am looking for are a set of tools developers could use to help them write more secure JavaScript code. Perhaps there are none out there.
Hi Sean, I can't think of anything that would in particular help anyone write more secure code. That really is more of a matter of experience, following defined practices and testing for known exploits as you go. It's not really that hard to test for things like SQL injection, file injection or XSS attacks. There are a number of free and paid services out on the market that will scan your site for these types of vulnerabilities. I remember reading an article a while ago about a JavaScript security analyzer from IBM, but I have no experience with it and really don't know what it actually does. It might be a place to start, though. Regards, Feral