YoVDO

ECMA Script 6 from an Attacker's Perspective

Offered By: nullcon via YouTube

Tags

nullcon Courses Web Development Courses Cybersecurity Courses Web Security Courses Arrow Functions Courses Serialization Courses

Course Description

Overview

Explore the world of ECMAScript 6 from a security perspective in this 57-minute conference talk from nullcon Goa 2015. Delve into the development, implementation, and implications of ES6 for web security. Gain insights into new code constructs, attack vectors, and mitigation strategies. Unravel complex terminology like expression interpolation, proper tail calls, computed properties, spread parameters, modules, and tagged template strings. Learn about JavaScript history, syntax extensions, standardization, and new features such as arrow functions and generator functions. Discover how ES6 can be used to bypass sandboxes, exploit templating strings, and leverage symbols. Examine security concerns related to reflection and mixed content. Leave with a comprehensive understanding of ECMAScript 6's impact on web security and how to address potential vulnerabilities.

Syllabus

Intro
Agenda
JavaScript History
JavaScript vs JScript
Syntax Extensions
Standardization
ECMA Script 6
Arrow Functions
Generator Functions
Bypassing the Sandbox
Generator Arrows
Escapes
Templating Strings
Multiline strings
IE XSS filter
Location filter
Shape Layer
Symbols
Unique immutable reference
Symbol to string tag
Serialization of string tags
Unstoppable
Use Includes
Reflection
Mixed Salad
Conclusion


Taught by

nullcon

Related Courses

Software as a Service
University of California, Berkeley via Coursera Intro to Computer Science
University of Virginia via Udacity Web Development
Udacity Software Engineering for SaaS
University of California, Berkeley via Coursera CS50's Introduction to Computer Science
Harvard University via edX