• Friday , 7 August 2020

Worst JavaScript Flaws That Hackers Love To Abuse

Code Canyon

Some of the very things that make JavaScript awesome can also make it exposed. This talk will go through some sample security flaws unique to JavaScript’s async nature and surrounding ecosystem. We’ll show live exploits to understand the issues and their impact, explain why they happen and – most importantly – how to avoid or fix them.

EVENT: JS Congress, 2016

SPEAKER: Guy Podjarny

PERMISSIONS: The original video was published on JS Congress YouTube channel with the Creative Commons Attribution license (reuse allowed).

ORIGINAL SOURCE: https://www.youtube.com/watch?v=lNk9Ami4Zls

Original source

3d Ocean

Related Posts


  1. Bunny
    December 17, 2018 at 12:45

    I like how everyone jumps on the bandwagon of hating JS, jQuery, PHP, etc. for no goddamn reason

  2. Michael A. Volz
    December 17, 2018 at 12:45

    The most useless sentence in this talk: "JavaScript has won".
    Maybe google the term WebAssembly? 🤣

  3. amit pant
    December 17, 2018 at 12:45

    great video, i will watch it later on before sleeping time.

  4. Qwerasd
    December 17, 2018 at 12:45

    God, that sign language interpreter has a really tough job.

  5. Balance44
    December 17, 2018 at 12:45

    Amazing demonstrations

  6. cyb3rnetix bot
    December 17, 2018 at 12:45

    23:04 , wouldn't that make you a Scriptkiddy,? Using other ppl tools.(just asking)?

  7. Christopher John Jackson
    December 17, 2018 at 12:45

    That is very scary, memory buffer overflow always scary, I’m glad that I don’t use node or js on backend.

  8. code beat
    December 17, 2018 at 12:45

    Sleepy dude at 19:19 . That memory leakage is really stupid however it seems that it is fixed (now 2018).

  9. Ella Blun
    December 17, 2018 at 12:45

    it really annoys me that 70% of all content that claims to talk about javascript, talks about some framework which isn't even mentioned in the title- that's basically like someone going trough my web site which is in vanila js, written by a noob, and acting like all errors i made, are inherent to js.

  10. Alexey Lyahov
    December 17, 2018 at 12:45

    And in 2018 NPM carrying out vulnerability for us!

  11. Muse M
    December 17, 2018 at 12:45

    Some audiences look worries or serious about security now. On the other hand, Swift language enforce better security.

  12. Sunday BG
    December 17, 2018 at 12:45

    /* Style inputs with type="text", select elements and textareas */
    input[type=text], select, textarea {
    width: 100%; /* Full width */
    padding: 12px; /* Some padding */
    border: 1px solid #ccc; /* Gray border */
    border-radius: 4px; /* Rounded borders */
    box-sizing: border-box; /* Make sure that padding and width stays in place */
    margin-top: 6px; /* Add a top margin */
    margin-bottom: 16px; /* Bottom margin */
    resize: vertical /* Allow the user to vertically resize the textarea (not horizontally) */

    /* Style the submit button with a specific background color etc */
    input[type=submit] {
    background-color: #4CAF50;
    color: white;
    padding: 12px 20px;
    border: none;
    border-radius: 4px;
    cursor: pointer;

    /* When moving the mouse over the submit button, add a darker green color */
    input[type=submit]:hover {
    background-color: #45a049;

    /* Add a background color and some padding around the form */
    .container {
    border-radius: 5px;
    background-color: #f2f2f2;
    padding: 20px;

  13. Adeola Ogunleye
    December 17, 2018 at 12:45

    Sitting in front of so many nerds and lecturing them is intimidating. That means the guy is a Bugatti hyper sport car in nerd terms.

  14. Alex Nezhynsky
    December 17, 2018 at 12:45

    The guy is a natural born speaker

  15. MidnightSt
    December 17, 2018 at 12:45

    a site with a textbox and list of strings that have been submitted into the textbox: 400something dependencies.
    …anyone in here dumb enough to try and justify how is that in any way not insane ?

  16. oldbootz
    December 17, 2018 at 12:45

    Shit. Going to rewrite some things now…

  17. Jeffrey Chen
    December 17, 2018 at 12:45

    Are socket.io and express vulnerable?

  18. Gigastar
    December 17, 2018 at 12:45


  19. Matija Dogan
    December 17, 2018 at 12:45

    Who the hell filmed this. I don't wanna watch the crowd or a close up of Guy; I wanna watch the demos, the presentation

  20. IGeometry
    December 17, 2018 at 12:45

    7:30 damn! Question though, you would have to run nodejs as root for this to work obviously right?

Leave A Comment

You must be logged in to post a comment.