Vampires in the Browser: banishing uninvited Javascript from your web app

Fri September 10, 01:30 PM–02:00 PM • Back to program
Start time 13:30
End time 14:00
Countdown link Open timer

Legend has it that a vampire cannot enter a home unless they are invited to do so.

Much like vampires, Javascript cannot generally enter your web application unless it is invited in. However, there are many sneaky ways that you may find yourself with a vampire some Javascript inside your app without realising you've technically allowed it to be there.

This session will teach you some common incantations configurations you can deploy to prevent this from happening.

Legend has it that a vampire cannot enter a home unless they are invited to do so.

Much like vampires, Javascript cannot generally enter your web application unless it is invited in. Also like vampires, there are many sneaky ways that you may find yourself with a vampire someone else's Javascript inside your app without realising you've technically allowed it to be there. What happens next may be a bloodsucking nightmare or an eternal, sparkly romance, but whatever the outcome it's always better to know how to protect your spaces against intruders.

This session is here to help you solve this problem. Join us for a look at the ways that even the best-intentioned developer may leave loopholes for unwanted, third-party Javascript to creep into their apps, what that code can do when it gets there, and the incantations configurations you can deploy to prevent this from happening.

Lilly Ryan she/her

Lilly Ryan is a penetration tester, digital security consultant, and public speaker who serves on the board of Digital Rights Watch. Lilly specialises in web application security, privacy education, and the history of technology-related issues, bringing these topics to an international audience. She believes in the power of consumer and tech worker action to help the technology industry better serve the people it affects.