Security Testing of YUI Powered Applications

A session at YUIConf 2012

Thursday 15th November, 2012

3:00pm to 3:50pm (PST)

Everyone agrees that application security is of crucial importance, and attacks on web frontends are getting more frequent, sophisticated, and dangerous. Yet security testing of frontend and YUI-based applications has so far received little attention. This talk highlights the need to embed security testing in the standard repertoire of every JavaScript and YUI developer, alongside functionality and performance tests. We will emphasize security testing as part of the development workflow: writing and running tests alongside creating the code. Our main goal is to draw the YUI community's attention to this grey area and to start a discussion and cooperation between the webappsec and YUI worlds.

Speaker Bios:

Dmitry (@dimisec, github.com/dmitris) started his Yahoo career a few days after Y2K, developing web applications such as Yahoo! Wallet in C++. After having successfully debugged hundreds of segfaults, he moved with the flow of the Web to PHP, JavaScript, NodeJS and YUI. For the last 5 years, Dmitry has been part of the Yahoo security team, where he has held a title equally unique at Yahoo and in the industry: European Paranoid. For his merciless dealing with security bugs, he got the nickname "Dmitrinator". He is responsible for the Yahoo internal XSS scanner used across the company. He has given several talks at Yahoo Security Weeks and conducted security trainings for Yahoo developers across the globe. He lives in Munich, Germany.

Albert (@yukinying) is a web security engineer at Yahoo, based out of the Hong Kong office. Part of his interest in his work is seeing how systems could break. To some extent, "Alert" is his nickname among some Yahoos he has worked with, owing to his notoriety for finding XSS bugs. He has been with Yahoo! for six years. He spent his first year working as a software developer, service engineer and local paranoid, then joined the security team full time. He believes that, in today's changing times, if you are not moving fast, you get owned.

About the speakers

Albert Kin-Ying Yu

"I see how system breaks." (bio from Twitter)

Dmitri Savintsev

Secondary Room, Santa Clara Marriott Hotel