JavaScript and web development are key skills for security pros, says Vladimir de Turckheim
JavaScript is one of the most commonly used coding languages in web development.
"Anytime you want to build something — any web application, any website — you must choose JavaScript," says Vladimir de Turckheim, Infosec Skills author and data engineer at Datadog. "There's almost no alternative in web development. Virtually every company in the world and anyone doing anything on the internet is using JavaScript."
Other technology drives the server side and is used for things like database access, but the web interfaces to interact with that technology are likely JavaScript, says Turckheim. That's why it can be beneficial for IT and cybersecurity professionals to spend one or two years working in web development.
"If you focus your career in security, chances are you will meet web development at some point, and not having an understanding of how the web works will penalize you and limit your ability to communicate with web developers."
Understanding the position of web developer can help you understand how to apply security best practices. Likewise, knowledge of security best practices can help your career as a web developer.
"If you want to carry on in web development, understanding web security will give you a heads up compared to anyone else in the industry," says Turckheim. "You will be hired not only because you can build applications, but also because you can build applications that have fewer chances to be broken into."
And that makes you a more valuable asset.
Learning JavaScript security
Turckheim recently released a JavaScript Security Learning Path in Infosec Skills. It focuses on areas of security that are more up to date or lesser known.
"There is little content on the internet on how to secure or use some of these mechanisms, so I would recommend taking a look at the courses — even if you have experience in those areas," says Turckheim. "I'm going to teach you the gap between traditional web security and web security today."
Turckheim, who is an active member of the Node.js Security Working Group and an official Node.js collaborator, also teaches a Writing Secure Code in Node.js Learning Path.
"Every experience in Node.js is relevant in JavaScript," says Turckheim. While JavaScript as a programming language is used in front-end development, Node.js is used to build server-side applications. "I'd say that 99% of the people I know who use Node.js know how to build applications in the browser too."
The JavaScript Security Learning Path is valuable for Node.js developers and security analysts, as well as those who deal predominantly with JavaScript, says Turckheim.
JavaScript security: What to expect
Turckheim designed his courses to prioritize the most current and relevant information while also reviewing more foundational concepts.
"The things I repeat or go deeper into are probably the most less-known parts," notes Turckheim. "The things I cover faster might still be complicated, but there is enough literature online already to help you learn." He likes "to focus and spend the most time where the resources are hard to find and the learning gap is harder."
Topics covered in his Infosec Skills courses include:
- Web application security principles and their implication in actual JavaScript codebases
- The security model of browser applications
- The impact of security headers and modern XSS mitigation techniques (including trusted types)
- The basis of Node.js security
- How to set up a serverless JavaScript project and implement best security practices
- Common attacks against modern websites (including clickjacking attacks)
Turckheim — who designed security mechanisms used in JavaScript, Python or Google PHP applications — created the JavaScript security path to be relevant to all career roles involving JavaScript development and security.
"You're going to put something on the internet. Do you know what security problems this can lead to?" he asks. "I would recommend this learning path to anyone who has anything running on the internet."
Applying JavaScript knowledge to your career path
JavaScript is a valuable skill set, but it's just one tool in your toolbelt.
"If you learn JavaScript as a language, you will want to learn either front-end or back-end development," says Turckheim. "Anything you learn in the backend will be relevant — if you do JavaScript in the back-end — but front-end development also requires knowledge of HTML, CSS and modern web frameworks."
Lastly, Turchkeim highlights the benefit of talking to people who have the career you want.
"If you have an idea what your dream job is two years from now, sit with someone who already has this dream job. Contact them. People are actually incredibly open to talk about their job and to tell you what you need to learn. Then apply for that job in two years."
Get your free course catalog