Captain Marvellous JavaScript: A Look at How Hackers Use JS

The modern web would be grossly incomplete without JavaScript. While the dev world is using JS to build more user friendly, experience rich, responsive and fast web applications, hackers have been using JavaScript on a parallel trail using the same programming principles as the devs to break implmentations, attack users and servers alike. In this very “informally fun” (TM) talk, filled with examples and demos, we will see how hackers (mis)use the constructs available within JavaScript/ECMAScript to go beyond XSS and automate vulnerability discovery, attack seemingly secure endpoints, exploit weaknesses in implementation and break user trust for profit and for fun. The key takeways for attendees from this talk would be:
– Understanding how attackers see and use JavaScript – Introduction to attacks and techniques/usage of JS beyond the standard XSS – How JavaScript can be used as a powerful weapon in the discovery and exploitation of vulnerabilities. EVENT: JSFOO 2019 SPEAKER: Riyaz Walikar PUBLICATION PERMISSIONS: Original video was published with the Creative Commons Attribution license (reuse allowed). ATTRIBUTION CREDITS: Original video source: https://www.youtube.com/watch?v=_KLm7dvhGJw https://www.youtube.com/watch?v=gv1SEzJGeu4