ECMA Script 6 from an Attacker's Perspective

Offered By: nullcon via YouTube

Course Description

Overview

Explore the world of ECMAScript 6 from a security perspective in this 57-minute conference talk from nullcon Goa 2015. Delve into the development, implementation, and implications of ES6 for web security. Gain insights into new code constructs, attack vectors, and mitigation strategies. Unravel complex terminology like expression interpolation, proper tail calls, computed properties, spread parameters, modules, and tagged template strings. Learn about JavaScript history, syntax extensions, standardization, and new features such as arrow functions and generator functions. Discover how ES6 can be used to bypass sandboxes, exploit templating strings, and leverage symbols. Examine security concerns related to reflection and mixed content. Leave with a comprehensive understanding of ECMAScript 6's impact on web security and how to address potential vulnerabilities.

Syllabus

Intro
Agenda
JavaScript History
JavaScript vs JScript
Syntax Extensions
Standardization
ECMA Script 6
Arrow Functions
Generator Functions
Bypassing the Sandbox
Generator Arrows
Escapes
Templating Strings
Multiline strings
IE XSS filter
Location filter
Shape Layer
Symbols
Unique immutable reference
Symbol to string tag
Serialization of string tags
Unstoppable
Use Includes
Reflection
Mixed Salad
Conclusion


Taught by

nullcon
