JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

Shreyansh Pandey


Oblivion and JavaScript - The nuances of security

Submitted May 20, 2017

Take an application. Any application. Discect it. What do you see? Garbled bits of JavaScript code which has been glued with a very thin coating of AJAX. Regardless of what it is: an eBook reader, a banking application, many government websites, etc. there is always something which is lacking... something which is amiss; more often that not, it’s the security. It’s needless to emphasize the threat these mistakes are to the primordial concept which required them to be so secretive: their proprietary secrets, copyrights, etc. In this short talk, I will discuss the applications I reverse engineered and how I managed to extract a lot of things from that simple flaw. After this, I will talk about how you can make your application resistant to the threats mentioned and more.


  • Introduction - Who? How? What?
  • The flawed eBook reader
  • A weary authentication service
  • Microscopic
    • The eBook reader
    • Authentication service
  • Prevention
    • Examples
  • Conslusion and Questions

Speaker bio

A 18-year old developer, technology enthusiast and DevOps lover. For the past 5 years, I have tinkered around with systems, written backends in languages ranging from PHP to Node. Personally, I love taking up challenges and educate people about whatever I learnt from them. DevOps and backend development are the two most interesting fields for me, but the problem is the fact these amazing tools and standards have a very steep learning curve and, thus, amateurs are often terrified, to say the least; therefore, teaching something as advanced as possible with as little technicality (in language, that is) has been my long time passion. Although young, I promise that the talk will be nothing short in terms of clarity, brevity, and humour.

Previously, I made (and broke) things at Gamezop as their Backend and Infrastructure Lead; currently researching on secure payment protocols at the University of Washington, Seattle.


{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter more