Defensive Programming for JavaScript & HTML5


Tiago Teles

August 20th (1 day)

This full-day course helps web front-end developers understand the risks involved with manipulating JavaScript and HTML5 and apply defensive programming techniques in both languages. Some of the topics covered include, but are not limited to, important security aspects of modern browser architecture (DOM and SOP), XSS, CSRF, DOM manipulation, sandboxing iframes, JavaScript execution contexts, CORS, Web Messaging, Web Storage, Geolocation, and JSON. This course is structured into modules and includes code analysis and remediation exercises. The high-level topics for this course are:

  • The HTML5 and JavaScript Risk Landscape
  • Storage of Sensitive Data
  • Secure Cross-domain Communications
  • Implementing Secure Dataflow
  • JSON-related Techniques

After completing this course, students will be able to:

  • Apply HTML5 Defensive Programming Techniques
  • Apply JavaScript Defensive Programming Techniques
  • Apply JSON Defensive Programming Techniques

Requirements

Participants should bring their own laptops with VirtualBox software installed.

About the trainer

Tiago Teles is a Technical Consultant with 7 years of experience with clients across different sectors and countries, including banking, insurance, telecommunications and commercial organizations, in a variety of roles: delivering training, development, business intelligence and quality assurance. For some of the talks already delivered, please see https://www.youtube.com/watch?v=CbeSXmAXBbU. For more information, please visit http://nl.linkedin.com/in/tiagoteles

For further information or questions please contact Tiago at tteles _at_ cigital.com