Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses. presented at AppSec USA 2013

by Stefano Di Paola,

Summary : Client side code is a growing part of the modern web and those common
patterns or libraries, that are supposed to help developer's life,
have the drawbacks to add complexity to the code exposing unexpected
features with no or little warning.
We will focus on the most popular JavaScript libraries such as jQuery,
YUI etc and common design pattern, describing how happens
that wrong assumptions can lead to unexpected, unsafe behavior.
Several code example and live demos during the talk will try to clear both
exploitation techniques and positive coding strategies.
The presentation will also show some interesting case study, collected
and identified during two years of real world applications analysis.