Worst JavaScript Flaws That Hackers Love To Abuse




Some of the very things that make JavaScript awesome can also make it exposed. This talk will go through some sample security flaws unique to JavaScript’s async nature and surrounding ecosystem. We’ll show live exploits to understand the issues and their impact, explain why they happen and – most importantly – how to avoid or fix them.

EVENT: JS Congress, 2016

SPEAKER: Guy Podjarny

PERMISSIONS: The original video was published on JS Congress YouTube channel with the Creative Commons Attribution license (reuse allowed).

ORIGINAL SOURCE: https://www.youtube.com/watch?v=lNk9Ami4Zls



20 responses to “Worst JavaScript Flaws That Hackers Love To Abuse”

  1. it really annoys me that 70% of all content that claims to talk about javascript, talks about some framework which isn't even mentioned in the title- that's basically like someone going through my web site which is in vanilla js, written by a noob, and acting like all errors I made, are inherent to js.

  2. /* Style inputs with type="text", select elements and textareas */
    input[type=text], select, textarea {
      width: 100%; /* Full width */
      padding: 12px; /* Some padding */
      border: 1px solid #ccc; /* Gray border */
      border-radius: 4px; /* Rounded borders */
      box-sizing: border-box; /* Make sure that padding and width stays in place */
      margin-top: 6px; /* Add a top margin */
      margin-bottom: 16px; /* Bottom margin */
      resize: vertical; /* Allow the user to vertically resize the textarea (not horizontally) */
    }

    /* Style the submit button with a specific background color etc */
    input[type=submit] {
      background-color: #4CAF50;
      color: white;
      padding: 12px 20px;
      border: none;
      border-radius: 4px;
      cursor: pointer;
    }

    /* When moving the mouse over the submit button, add a darker green color */
    input[type=submit]:hover {
      background-color: #45a049;
    }

    /* Add a background color and some padding around the form */
    .container {
      border-radius: 5px;
      background-color: #f2f2f2;
      padding: 20px;
    }

  3. a site with a textbox and list of strings that have been submitted into the textbox: 400something dependencies.
    …anyone in here dumb enough to try and justify how that is in any way not insane?
