JavaScript Security: myths, fallacies and anti-patterns

A session at JSConfUY 2014

Saturday 15th March, 2014

11:25am to 11:55am (MMT)

I've worked on some very sensitive front-end codebases (banks, pharma, defence et al) and as a consequence I've come across every type of good and bad practice. In this talk I'll share some of those experiences and talk about the part security plays in delivering high quality client-side JavaScript, including:

  • Why you don't control your run-time environment and why that's such a problem.
  • Some inherent problems with JavaScript's security model and design
  • Writing secure APIs with that in mind
  • Exposing and implementing countermeasures for common attacks in highly sensitive codebases
  • Patterns and anti-patterns in front-end penetration testing and auditing
  • Why security is so important to high quality code, and why you're probably not thinking about it enough

Hopefully, by the end of the talk, you'll be able to take away some of the lessons I've learnt from the best of these highly secure front-end codebases, and maybe how you can stop yours failing quite as spectacularly as some of the worst ones have.

About the speaker

Joe Pettersson

I'm the Technical Lead of UI Engineering at McKinsey & Company

Next session in Auditorium

12pm MontageJS by Benoit Marchant


JSConfUY 2014

Montevideo, Uruguay

14th to 15th March 2014
