JSFoo 2013

All about being creative with JavaScript


Secure JavaScript coding - Do's and Don'ts

Submitted by Raghu Mitra (@raghumitra) on Jul 18, 2013

Section: Full talk | Technical level: Intermediate | Status: Submitted


Learn about the common security vulnerabilities and browser security policies, and how to work with them in JavaScript.


Almost everybody who has written some serious JavaScript code has run into security-related problems.
JavaScript runs under browser-enforced security policies such as the same-origin policy and Content Security Policy, which are sometimes limiting.
In this session we will discuss how to work around them when there is a genuine need to.

Even with the security policies mentioned above in place, programmers still need to guard against many other vulnerabilities, such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
In this session we will discuss how to close these security loopholes.

Speaker bio

Raghu & Rahul
We are SSEs working for Citrix R&D India Ltd. We work on providing the UI for a number of networking products. Developing the UI for an enterprise networking product that can be public-facing has given us exposure to various security threats, and so far we have been successful in mitigating them :).

We would like to share our knowledge and understand more about the common security issues faced by enterprise web applications.


  • Om Shankar (@omshiv) 6 years ago

    Agree. JS is so approachable that any Tom, Dick and Harry can write code. Secure coding is something really important today, given that JS is everywhere right now.

    • Raghu Mitra (@raghumitra) Proposer 6 years ago

      Yeah, I totally agree with you, Om Shankar. This is the first thing that a cool-dude kind of user does when he comes across an interesting web app.
      All of us have to accept that at least once we have attempted to hack into a website/intranet site using Firebug, and when we find that the attack fails we would have felt good about the developer :)

  • Akash Mahajan (@makash) 6 years ago

    How will JavaScript allow you to protect against CSRF?

    • Raghu Mitra (@raghumitra) Proposer 6 years ago

      Sorry for the delayed response…
      If you have client-side JS, this can be done by using a methodology called a nonce.
      There are multiple types of nonce checks that can be employed, depending on the kind of application we are dealing with.
      Not to mention we need some support from the server side for this, but I am sure it should be simple enough for any kind of server.

  • Raghu K Mittal (@raghukmittal) 6 years ago

    Looking forward to this talk

  • Raghu Mitra (@raghumitra) Proposer 6 years ago

    I hope this will be useful for the folks attending jsfoo
