Hackers of India

Javascript static analysis with IronWASP

By Lavakumar Kuppan on 15 Feb 2012 @ Nullcon

This talk covers the following tools, which the speaker has authored or contributed to:
IRONWASP

Abstract

From its humble beginnings many years ago, JavaScript has been steadily evolving and has now become a powerful and popular language, especially with HTML5. It is not uncommon to see Web Applications that contain more lines of JavaScript code in them than the number of lines of server-side code. In the HTML5 and mash-up world there are a lot of critical features being implemented on the client-side with JavaScript. All this additional power does come with its security implications. It is absolutely essential that JavaScript code is tested for all of the known client-side vulnerabilities. Testing JavaScript for vulnerabilities is still a relatively new art and there are very few tools available for the same. In this talk you will learn about the various JavaScript related vulnerabilities to look out for, the techniques to test for them and how IronWASP can be used to perform JavaScript vulnerability hunting with relative ease.