Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

JS Security - A Pentester's Perspective

JSConf via YouTube

Overview

Explore JavaScript security from a penetration tester's perspective in this JSConf.Asia 2015 talk. Gain insights into how pentesters analyze and exploit web applications, focusing on JavaScript, JSON, and HTML5 security issues. Learn to identify vulnerabilities in code and write secure JavaScript to reduce bugs discovered during testing. Dive into DOM XSS exercises and examine CORS abuse in cross-domain communications. Benefit from the speaker's 12+ years of experience in web application penetration testing across various industries. Discover practical examples, including DOM manipulation, sources and sinks, exploit demonstrations, and solutions. Investigate templating engines, tab nabbing, and automation techniques using Chrome extensions. Gain valuable knowledge to enhance your web application security skills and create safer solutions.

Syllabus

Introduction
Agenda
What is DOM excesses
Why I like DOM excesses
A simple DOM manipulation
Source and Sink
Sources and Sink
Adamek Sucess
Low Priority Issues
Exploit Demo
Solution
Exploit
Templating Engines
Tab Nabbing
Window Dot Name
How do you automate
Chrome extension
How it works
DomCobra
Insecure Blog

Taught by

JSConf

Reviews

Start your review of JS Security - A Pentester's Perspective

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.