Real World JavaScript Security


This talk covers prevalent but little-known security issues in modern full-stack JavaScript applications, drawn from real-world assessments. We will also discuss strategies for avoiding these issues and secure design patterns that can be adopted to write robust and secure JavaScript applications.

We cover less well-known issues such as insecure object comparisons and prototype pollution along with how they can be used to exploit applications in Node.js.

In addition, the talk covers upcoming security standards and protections for client-side JavaScript code (Trusted Types).

Security Best Practices
Security Improvements

Amanvir Sangha


Amanvir Sangha is a Software Security Consultant at Synopsys, primarily focused on source code review, developer training and modern web application security. In the past, he has worked as a software and security engineer helping developers write secure code.
