YoVDO

JS Security - A Pentester's Perspective

Offered By: JSConf via YouTube

Tags

JSConf Courses Javascript Courses JSON Courses HTML5 Courses Web Application Security Courses Secure Coding Practices Courses

Course Description

Overview

Explore JavaScript security from a penetration tester's perspective in this JSConf.Asia 2015 talk. Gain insights into how pentesters analyze and exploit web applications, focusing on JavaScript, JSON, and HTML5 security issues. Learn to identify vulnerabilities in code and write secure JavaScript to reduce bugs discovered during testing. Dive into DOM XSS exercises and examine CORS abuse in cross-domain communications. Benefit from the speaker's 12+ years of experience in web application penetration testing across various industries. Discover practical examples, including DOM manipulation, sources and sinks, exploit demonstrations, and solutions. Investigate templating engines, tab nabbing, and automation techniques using Chrome extensions. Gain valuable knowledge to enhance your web application security skills and create safer solutions.

Syllabus

Introduction
Agenda
What is DOM XSS
Why I like DOM XSS
A simple DOM manipulation
Source and Sink
Sources and Sink
Adamek Sucess
Low Priority Issues
Exploit Demo
Solution
Exploit
Templating Engines
Tab Nabbing
window.name
How do you automate
Chrome extension
How it works
DomCobra
Insecure Blog


Taught by

JSConf
