Hackers of India

Evil JavaScript

 Bishan Singh 

2012/08/03

Abstract

JavaScript is arguably the most important web programming language today, with the focus shifting to rich applications that behave like desktop apps. The server side has seen no less of an advance in the adoption of JavaScript, in the likes of NodeJS and MongoDB.

This is a completely hands-on session. I use slides as mere placeholders. I will be covering this notorious, lovely, powerful, misunderstood language in the context of security: the evil side of JavaScript. I have spoken about the beautiful parts in my previous talks, and I have also spoken about some evil parts in my recent talks on DOM XSS, NodeJS Security and Mashups. This talk is a culmination of questions asked during those talks and other popular issues, like JSON exploits, that deserved more focused space. I am NOT presenting previously unknown attacks. But taking the old and new, I share my experience: my interesting, real-world, exciting encounters with the challenges I see and face with coding, detection, analysis and remediation.

The hands-on lab will be shared with delegates. They can play around later when they wish. I believe we really understand things only when we do them. Not when we read or hear. At least that holds true for me.