This presentation covers prevalent but not well-known security issues in modern full-stack JavaScript applications, as found in real-world assessments. It also discusses strategies for avoiding security issues and secure design patterns that can be adopted to write robust and secure JavaScript applications. We cover lesser-known issues such as insecure object comparisons and prototype pollution, along with how they can be used to exploit applications in Node.js. In addition, the talk covers upcoming security standards and protections for client-side JavaScript code (Trusted Types).
Video producer: http://www.devoxx.com/