Awesome Frontend Security Save

☔️A curated list of tools, articles & resources to help take your frontend security to the next level. Feel free to contribute!

Project README

Code
Dependencies
Headers
Articles
Other lists

Code

JavaScript Secure Coding Practices - A guide written for anyone who is using the JavaScript for web development.
Security Policy - How to add a security policy to your Github repository.
AJAX Security Cheatsheet - A starting point for AJAX security.

Linters

eslint-plugin-security - ESLint rules for Node Security.
eslint-plugin-no-unsanitized - ESLint rules to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike.
eslint-config-sec - ESLint rules for writing safe and secure client code.

Sanitizers

dompurify - XSS sanitizer for HTML, MathML and SVG
sanitize-html - Clean up user-submitted HTML.

Serializers

serialize-javascript - Serialize JavaScript safely - HTML characters and JS line terminators are escaped automatically.

Dependencies

audit-ci - NPM and Yarn dependencies audit for CI/CD.
dtrack-audit - OWASP Dependency Track API client for CI/CD.
Github Automated Security Fixes - How to use automated or manual pull requests to easily update vulnerable dependencies.
Vulnerable Dependency Management - About tools for detecting vulnerable third-party dependencies.

Headers

Security Headers - Check your website's HTTP response headers for security.

Content-Security-Policy

📚Learn

MDN - An article on MDN.
CSP Is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of Content Security Policy.
Strict CSP - To get real value out of CSP, your policy must prevent the execution of untrusted scripts.

🧪Create

Webpack CSP configuration - Webpack is capable of adding nonce(number used once) to all scripts that it loads.
csp-html-webpack-plugin - Generates meta content for your Content Security Policy tag.
CSP Hash Generator - Script and style hasher for script-src and style-src directives to disallow inline scripts and styles. More here.

🔍Validate

CSP Evaluator - Paste your policy and check if its safe and strong enough.
CSP Header Inspector - Validate your policies as served from the given URL.
CSP Tester - Browser extension for testing Content Security Policy (CSP).

🤔Analyse

CSP WTF? - Explanations for strange CSP Report notifications.

X-XSS-Protection

📚Learn

MDN - An article on MDN.

X-Frame-Options

📚Learn

MDN - An article on MDN.

Articles

Trusted Types help prevent Cross-Site Scripting - About new browser API that might help obliterate DOM XSS.
Cybersecurity threatscape - Positive Technologies' quarter report on cyber threats and recommendations on how to stay safe.
The Most Common XSS Vulnerability in React.js Applications

Other lists

CSP useful - A collection of parsers, examples and tips for Content Security Policy.
Awesome Web Security - A curated list of Web Security materials and resources.

License

Open Source Agenda is not affiliated with "Awesome Frontend Security" Project. README Source: rustcohlnikov/awesome-frontend-security

Stars

Open Issues

Last Commit

1 year ago

Repository

rustcohlnikov/awesome-frontend-security

License

Creative Commons Zero v1.0 Universal

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/awesome-frontend-security"><img src="https://www.opensourceagenda.com/projects/awesome-frontend-security/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog