A rather complex roundabout concept that is easy to make front-end developers crazy.

What is a prototype?

When another developer keeps coming up and asking you, “What the heck is a prototype?”, Answer it: It’s your father’s head, asking questions. This answer is somewhat ludicrous but quite accurate; it can be understood that prototype is either the template or the parent of an object.

In JavaScript, except for undefined, all other types are objects. The string, number, and boolean types are String, Number, and Boolean objects, respectively. Arrays are objects of Array form; functions are objects of Function form. The prototype of each object is its parent. String’s father is String. Prototype, Number’s father is Number.prototype, …

Hackers can sit at website A and seduce users to attack site B and other site C.

In the Romance of the Three Kingdoms, talented military masters who have the talent of manipulating their thoughts sit in stubbornly determined stubbornly thousands of miles away.

This article will explain how hackers attack and also guide you on how to prevent them.

The fundamental of CSRF

CSRF’s full name is Cross-Site Request Forgery (Another name is XSRF). This vulnerability is quite common, and Netflix and Youtube have also been victims of vulnerability.

The consequences caused by it are also “quite” serious, so CRSF is pleased to be in the top 10 of OWASP security vulnerabilities. …

When we first learn, this is also quite simple and harmless. If you’ve ever learned Java or C #, you must remember this keyword is used to point to the object that calls the function. In javascript, this keyword plays a similar role. In the code below, we will see that this returns the object person and prints out exactly what we want.

var person = {
   firstName: 'Hoang',
   lastName: 'Pham',
   showName: function () {
     console.log (this.firstName + '' + this.lastName);
   }
};

// Serialize will lose the method, only keep the properties
JSON.stringify (person); // '{"firstName": "John", "lastName": "Wick"}'

var jsonString = '{"firstName": "John", "lastName": "Wick"}';
var psn = JSON.parse (jsonString); // Convert string to object
console.log (psn.firstName); // John
console.log (psn.lastName); …

A “strange” security hole with a long, and difficult-to-read name.

What is strange?

This security hole is “strange” in that it is in the top 4 OWASP, but there is very little documentation about it. It is not known as XSS or CSRF or SQL Injection (Although its OWASP rank is much higher than XSS or CSRF).

I myself have never heard of the press or news mentioning this error before. Is it possible that there are no well-known cases related to it, or is it because the bug has many complex variations?

The main cause of this vulnerability is the carelessness of a developer or sysadmin (If you encounter this error, you have to drag the developer to cut first, then cut the tester). …

Javascript is originally designed in a rudimentary way, used to validate on the client-side.

If you follow the career of a web developer, you must work every day with js. Js itself is bad, but it comes with countless beneficial libraries/frameworks (jQuery, AngularJS, …); thanks to NodeJS, it even encroaches on the back-end.

In the first lesson, I will introduce the most basic knowledge in JavaScript: object.

What the hell is an Object?

Anyone who has studied Object-Oriented Programming knows about Class and Object concepts. However, there are no Classes but only Objects in JavaScript, so that it won't be obvious for some.
In OOP languages ​​such as C ++, Java, C #, … It can be roughly understood that Class is a framework, and an Object is an object created based on that framework. …

Why adding string will affect the memory and performance of the system?

String

Once upon a time, when we were in Java, we were often told we had to use StringBuilder and append when adding strings instead of adding String. The reason is that String is immutable; its value does not change. When adding a string, we create a new string in memory. StringBuilder is mutable, so when we use the append, its value changes, not a new string is created. Therefore using StringBuilder will save memory and run faster.

Do not believe, please see the 2 code below. The code using StringBuilder only takes 4ms to run, and the code using String takes 4828ms (Source). …

SQL Injection vulnerability, one of the most common and most dangerous security holes of all time.

Why is SQL Injection?

The following reasons have made the famous name of SQL Injection:

Extremely Dangerous — Can cause enormous damage. With SQL Injection, a hacker can access part or all of data in the system.
Very popular and easy to implement — This vulnerability is very well known, from developers to hackers, almost everyone knows. Besides, several SQL Injection attack tools for “non-people” do not know anything about programming.
Lots of big guys were stuck — Sony, Microsoft UK. Every scandal related to “exposing user data” is more or less related to SQL Injection.
Easy to attack, popular, with serious consequences, that’s why Inject (Not just SQL but OS and LDAP) is at the top of the top 10 security holes of OWASP. …

From basic to advanced, from trainee to senior.

Introductory Level — Knowledge base

At this level, you will learn JavaScript as well as programming in general. Therefore, I chose the book to go into the background, easy to read, and understand.