Client-Side JavaScript Supply Chain Attacks
RCCE students will learn how third-party scripts, package updates, injected tags, analytics components, and front-end dependencies can expose users and organizations to compromise. RCCE students will learn to evaluate client-side trust, reduce dependency risk, validate script integrity, map browser-executed attack paths, and respond to compromise involving externally sourced JavaScript. The course covers practical scenarios ranging from dependency review to browser-side telemetry, mitigation, and governance. RCCE students will learn to analyze complex systems and think like an attacker to better defend the organization. This comprehensive course delivers practical knowledge applicable to real-world cybersecurity operations. Starting from foundational concepts, RCCE students will learn through a combination of concept explanation, practical demonstration, and hands-on exercises.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Client-Side JavaScript Supply Chain Attacks
- Execute hands-on tasks for supply chain attacks
- Execute hands-on tasks for advanced • application security • 6 credits
- Execute hands-on tasks for knowledge goals
- Execute hands-on tasks for skill goals — covering script integrity with SRI.
- Execute hands-on tasks for produce client-side sbom and vendor risk reports
- Execute hands-on tasks for package registries
- Execute hands-on tasks for tag managers — covering npm, yarn, pnpm registries, cdnjs, jsDelivr, unpkg.
- Execute hands-on tasks for client-side risks
- Execute hands-on tasks for server-side risks — covering Code executes in user browser, Code executes on controlled infra.
- Execute hands-on tasks for invisible to backend waf/ids — covering Code executes on controlled infra.
- Execute hands-on tasks for weekly downloads
- Execute hands-on tasks for avg transitive deps
| Module 01 | Supply Chain Attacks |
| Module 02 | Advanced • Application Security • 6 Credits |
| Module 03 | Knowledge Goals |
| Module 04 | Skill Goals |
| Module 05 | Produce client-side SBOM and vendor risk reports |
| Module 06 | Package Registries |
| Module 07 | Tag Managers |
| Module 08 | Client-Side Risks |
| Module 09 | Server-Side Risks |
| Module 10 | Invisible to backend WAF/IDS |
| Module 11 | Weekly Downloads |
| Module 12 | Avg Transitive Deps |
| Module 13 | Why Scale Matters |
| Module 14 | Trust Model Weaknesses |
All hands-on labs run on Rocheston Rose X OS. Students practice client-side javascript supply chain attacks by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for supply chain attacks
- Lab 2: Execute hands-on tasks for advanced • application security • 6 credits
- Lab 3: Execute hands-on tasks for knowledge goals
- Lab 4: Execute hands-on tasks for skill goals
- Lab 5: Execute hands-on tasks for produce client-side sbom and vendor risk reports
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Client-Side JavaScript Supply Chain Attacks, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI