Monster in the Browser
A guide to helping you uncover and eliminate client-side risks.
Meet some of the monsters making off with your data.
From malicious code to data skimming to invasion of privacy, monsters in the browser come in all shapes and sizes. Meet some of the most common monsters and hear what they have to say.
I used to send out phishing emails, but digital skimming is so much faster.
// Slim "Skim" Monster
Using digital trackers I can build a digital profile of any user globally.
// All Seeing Monster
Injecting malicious code into the npm registry is easier than stealing candy.
// Eddie Injector Monster
What You'll Learn
Gearing Up for Monster Hunting
Before we can go monster hunting, we need a clear approach to client-side security and an understanding of the different elements of the client side we have to consider.
Finding Monster Food (Coming Soon)
How to identify data assets across your application portfolio, because your sensitive data makes the best monster food, of course.
Hunting Monsters in the Wild - Part I (Coming Soon)
It's time to start hunting for monsters across your application (attack surface) and classify the findings based on risk level to the business.
Hunting Monsters in the Wild - Part II (Coming Soon)
Let's go hunting for monsters again! This time we will wear our special "privacy lenses" looking for unique monsters that cause privacy issues.
Building Trust & Making Friends (Coming Soon)
We have our findings; now it's time to go make friends. Let's start assembling our trusted third-party supply chain together with our peers.
Monster Security Protocols (Coming Soon)
Lock it down! Let's look at putting some (client-side) security protocols in place to keep monsters out and stay secure.
Eliminating the Breeding Ground (Coming Soon)
Security protocols help keep us safe, but they don't eliminate the problem. Let's eradicate these monsters at the source by destroying their breeding ground.
Come Along for the Ride
Instead of shipping this as one huge book in a single release, I decided to write the guide in public so others can follow along. Follow along on LinkedIn to be notified of new content, or check back here.