What Are Some Ways to Prevent MITM Attacks or Other Session Exploitative Attacks with a Web Page That Uses JavaScript?

Problem scenario
You know that sessions of a JavaScript can be exploited in today's world. This category of vulnerability is related to imperfections in authentication and is listed as the #2 biggest web application security risk as of June of 2020 (according to OWASP). What are some techniques to stop such attacks from happening when designing a website that uses JavaScript?

Possible Solution #1
Ensure cookie information is passed using connections that leverage HTTPS (as paraphrased from page 23 of Node.js Security by Liran Tal).

Possible Solution #2
Configure cookies to not be accessed from JavaScript's runtime (page 23 of Node.js Security by Liran Tal).

Possible Solution #3
Obfuscate the name of the cookie to hide the website's underlying technologies (page 23 of Node.js Security by Liran Tal).

Possible Solution #4
Use Cross-Site Request Forgery tokens for every form action on the website; the tokens are long, unguessble strings as taken from page 33 of Node.js Security by Liran Tal. CSRF are a form of session riding (page 31 of Node.js Security by Liran Tal). You may want to use csurf which is a middleware library to manage CSRF tokens (page 36 of Node.js Security by Liran Tal). Alternatively lusca is a "web application security middleware" tool that could help you (page 39 of Node.js Security by Liran Tal).

Leave a comment

Your email address will not be published. Required fields are marked *