Stranger Danger: Your JavaScript Attack Surface Just Got Bigger

May 11, 2022

Building JavaScript applications today means going a step beyond writing code. We use open-source dependencies, create a Dockerfile to deploy containers to the cloud, and orchestrate this infrastructure with Kubernetes. Welcome, you're a cloud native application developer! As developers, our responsibility has broadened, and more software means more software security concerns for us to address.

Join one of our Snyk pros for a hands-on JavaScript and cloud native live-hacking session, to show common threats, vulnerabilities and misconfigurations. Most importantly, we'll also show how you can protect your application with actionable remediation and best practices for each exploit we demonstrate.

Learn more about Snyk:

00:00:00 - Stream Start
00:03:28 - Intro Chat
00:06:20 - Presentation Start
00:07:30 - Open Source in our Apps
00:14:30 - Choosing Open Source Libraries
00:17:49 - Vulnerabilities in Direct vs. Indirect Dependencies
00:21:40 - Adding a Project to Snyk
00:25:25 - Monitoring Security of Our Containers
00:31:35 - Demo: Hacking via Open Source Vulnerabilities
00:35:37 - Taking on an Attacker Perspective
00:42:14 - A Successful Cross-Site Scripting Attack
00:47:50 - Understanding How the Vulnerable App Works
00:49:40 - Learning About Open Source Vulnerabilities in VS Code
00:57:23 - Wrapping up the Presentation
00:59:00 - Closing out the stream

Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
