According to a Stack Overflow survey, JavaScript is the most commonly used programming language on earth. The JavaScript ecosystem is vast and complex. It includes JavaScript on the client side, on the server side, in mobile applications, and even in database engines.
Today, the client-side JavaScript space alone offers over 50 frameworks. The amount of application logic that is executed in the browser is growing every year, which means the attack surface is growing as well. Which security issues are most common in JavaScript applications? Do new frameworks provide the security controls needed to protect the growing amount of client-side code? In this talk we will answer these questions and, as an example, we will look at one of the hottest JavaScript frameworks today – React. We will discuss its new features like components and server-side DOM rendering, analyze React’s security posture and demonstrate existing vulnerabilities.