ECMA Script 6 from an Attacker's Perspective
Offered By: nullcon via YouTube
Course Description
Overview
Explore the world of ECMAScript 6 from a security perspective in this 57-minute conference talk from nullcon Goa 2015. Delve into the development, implementation, and implications of ES6 for web security. Gain insights into new code constructs, attack vectors, and mitigation strategies. Unravel complex terminology like expression interpolation, proper tail calls, computed properties, spread parameters, modules, and tagged template strings. Learn about JavaScript history, syntax extensions, standardization, and new features such as arrow functions and generator functions. Discover how ES6 can be used to bypass sandboxes, exploit templating strings, and leverage symbols. Examine security concerns related to reflection and mixed content. Leave with a comprehensive understanding of ECMAScript 6's impact on web security and how to address potential vulnerabilities.
Syllabus
Intro
Agenda
JavaScript History
JavaScript vs JScript
Syntax Extensions
Standardization
ECMA Script 6
Arrow Functions
Generator Functions
Bypassing the Sandbox
Generator Arrows
Escapes
Templating Strings
Multiline strings
IE XSS filter
Location filter
Shape Layer
Symbols
Unique immutable reference
Symbol to string tag
Serialization of string tags
Unstoppable
Use Includes
Reflection
Mixed Salad
Conclusion
Taught by
nullcon
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network