JSFoo 2017

JSFoo is a conference about JavaScript and everything related.


Understanding JavaScript Security

Submitted by Dheeraj Joshi (@djadmin) on Monday, 5 June 2017

Section: Full Talk
Technical level: Intermediate
Status: Shortlisted for rehearsal


Security is important, but not everyone cares about it until something bad happens. Don’t let security be the ‘elephant in the room’.
In this talk, I’ll speak about best practices for writing secure JavaScript, common pitfalls and HTTP security headers. We’ll go a step further and dive into a vulnerable Single-Page Application with a step-by-step discussion of the security issues, their impacts, and how to identify and defend against them. I’ll also touch upon some interesting vulnerabilities which I have found and reported in some commonly used web apps.


This talk covers the most overlooked security threats and helps the audience write secure JavaScript. It includes a demonstration of a vulnerable Single-Page Application with a step-by-step discussion of the security issues, their impacts and remediation strategies.

Key Takeaways:

1) Cross-site Scripting (XSS) & CSP
2) Cross-site Request Forgery (CSRF)
3) HTTP Security Headers
4) Other Best Practices

At the end of the talk, attendees should be able to identify and fix security vulnerabilities in real-world applications, write secure code and thus help make the web more secure.

Speaker bio

Dheeraj is a Front-end Artisan and the InfoSec guy at Wingify. He is quite adept at writing JavaScript, an open-source lover and a web security enthusiast. When he is not writing code, he spends time finding and reporting security vulnerabilities in web applications.



  •   Sandhya Ramesh (@sandhyaramesh) 2 years ago

    Hi Dheeraj, in order to proceed with evaluation of your proposal, we need your draft slides and a two minute self recorded video of you walking us through your content. Please edit this proposal and submit it as soon as possible. Thanks!

  •   Dheeraj Joshi (@djadmin) Proposer 2 years ago

    Hey! Just wanted to know if the previously recorded talks will also work in this case?
    (Links: https://www.youtube.com/watch?v=XaHkHBtth-U, https://www.youtube.com/watch?v=csE5tp94wfw)

    And if it doesn’t, I should record and send it right away.

    •   Sandhya Ramesh (@sandhyaramesh) 2 years ago

      Yes, please upload a video relevant to this talk specifically, and also your slides.

      •   Dheeraj Joshi (@djadmin) Proposer 2 years ago

        Sure. Please let me know if you need more information.
