Tools and Techniques for Securing JavaScript Applications

Emily Stark (Meteor Development Group)
Front End Libraries, Node.js, The Server Side, Tools, Platforms, and APIs
Location: Salon 10
Level: Intermediate
Average rating: 4.40 (5 ratings)

Modern web applications, written in JavaScript and running inside the browser, are susceptible to many of the same security vulnerabilities — including XSS and CSRF attacks — that are a concern in any traditional app. But these JavaScript apps, which open long-lived stateful connections to the server and which often run on top of document-oriented databases like MongoDB, also present a new set of security challenges. In this talk, I will go through several practical examples of how JavaScript developers can safeguard their applications from many of these security threats. I will also describe the security principles in Meteor, a full-stack pure JavaScript framework, show off Meteor’s APIs for managing Content Security Policy, and demo some of the other tools Meteor provides to help you prevent attacks in your applications.

Emily Stark

Meteor Development Group

Emily Stark is a core contributor to Meteor, the full-stack reactive framework for JavaScript applications. Prior to joining Meteor, Emily published several research papers in the security and cryptography fields. As an undergraduate at Stanford, Emily coauthored SJCL, a JavaScript public- and private-key cryptography library that is highly optimized for speed and code size. She also developed a method for prefetching TLS certificates to enable zero-round-trip handshakes. As a graduate student at MIT, she researched techniques to automatically partition applications into trusted and untrusted environments, and explored the use of client-side cryptography to keep user data secret from the web server in an application framework.