SecAppDev 2025 lecture details

Designing "least-authority" JavaScript apps

Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.

Tuesday June 3rd, 11:00 - 12:30
Room West Wing
Add to calendar (ICS) Add to Google calendar
Web security
Application Security
Abstract

How can trusted and untrusted JavaScript modules safely co-exist within the same application runtime? Maybe your app loads third-party scripts as "plug-ins", or maybe the functionality of your app itself is built from third-party modules using a package manager. Dealing with untrusted code is more common than you may think. We discuss how modules can be "isolated" from one another, independent of whether you’re using JS in front-end or back-end applications. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.

Key takeaway

Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.

Content level

Deep-dive

Target audience

Web developers, full-stack engineers, web application software architects

Prerequisites

Some fluency with the JavaScript programming language.

Join us for SecAppDev. You will not regret it!

Tom Van Cutsem
Tom Van Cutsem

Associate Professor, KU Leuven

Expertise: Web security and Web3 (d)apps

More details

Join us for SecAppDev. You will not regret it!

Related lectures

Leveraging the security model of the web

Introductory lecture by Philippe De Ryck in room Lemaire

Monday June 2nd, 11:00 - 12:30

Web security is complex and evolving fast, with browsers playing a growing security role. This session explores core techniques to build secure apps and APIs, giving you the foundation to tackle more advanced web security topics.

Key takeaway: Learn how modern browsers approach security and how to build on that foundation to create secure web apps and APIs using proven core techniques.

Web security
Application Security

Using AI to write Secure React.JS code

Deep-dive lecture by Jim Manico in room West Wing

Monday June 2nd, 16:00 - 17:30

In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that will aid AI code creation engine to produce higher quality and more secure code.

Key takeaway: Actionable advice on using AI to generate secure code

Web security
Secure Coding
Application Security

Using WebAssembly to run, extend, and secure your app

Introductory lecture by Niels Tanis in room West Wing

Tuesday June 3rd, 09:00 - 10:30

In this session we'll dig into WASM, how it works, it's security features and how we can use it to host, extend and secure our applications by running it the WebAssembly System Interface (WASI).

Key takeaway: Understanding WASM, it's security features and how leverage those by integrating it into your application/software.

Web security
Architecture
Application Security
all workshops all lectures

SecAppDev offers the most in-depth content you will find in a conference setting