SecAppDev 2024 lecture details

Designing “least-authority” JavaScript apps

Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.

Monday June 3rd, 14:00 - 15:30
Room West Wing
Download handouts
Abstract

How can trusted and untrusted JavaScript modules safely co-exist within the same application runtime? Maybe your app loads third-party scripts as “plug-ins”, or maybe the functionality of your app itself is built from third-party modules using a package manager. Dealing with untrusted code is more common than you may think. We discuss how modules can be “isolated” from one another, independent of whether you’re using JS in front-end or back-end applications. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.

Key takeaway

Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.

Content level

Deep-dive

Target audience

Web developers, full-stack engineers, web application software architects

Prerequisites

Some fluency with the JavaScript programming language.

Join us for SecAppDev. You will not regret it!

Tom Van Cutsem
Tom Van Cutsem

Associate Professor, KU Leuven

Expertise: Distributed systems, web apps and blockchain (d)apps

More details

Join us for SecAppDev. You will not regret it!

Related lectures

SecAppDev offers the most in-depth content you will find in a conference setting