JavaScript - The Evil Parts

JSConf via YouTube

Overview

Explore the darker side of JavaScript in this provocative JSConf talk. Delve into security vulnerabilities, design flaws, and potential exploits within the language. Learn about application content hijacking, namespace emulation, and client-side database manipulation. Discover timing attacks, browser history theft techniques, and de-anonymization methods. Examine how attackers can leverage JavaScript to target internal systems and enterprise networks. Gain insights into obfuscated JavaScript and invisible malicious code. Walk away with a deeper understanding of JavaScript's potential security risks and how to mitigate them in your own applications.

Syllabus

Intro
Security Vulnerability == Sexy Bug
Design Flaws
JavaScript Can Application Content
Hijacking Applications
Emulating Namespaces
Shimming Ajax.Request
Shimmed Version of Ajax.Request
Dumping Client-side Databases List Mania!
Detecting Remote Application State
OMG! Timing Attacks. 3
In The Beginning...
Blast From The Past
Steal Browser History
Expanding History Theft
Word Case & Order Affect URL
How Many Combos?
Totally Doable
De-anonymization
Attacking The Enterprise With JavaScript
Attackers Want Internal Systems
Browsers Provide a Foothold
Everything has a Web Interface
Obfuscated JavaScript
Hydrate Function
Invisible Malicious Code!
Take Away

Taught by

JSConf
