SecAppDev 2025 lecture details
Designing "least-authority" JavaScript apps
Learn the problems and solutions of combining "trusted" and "untrusted" JavaScript. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Tuesday June 3rd, 11:00 - 12:30
Room West Wing
Abstract
How can trusted and untrusted JavaScript modules safely co-exist within the same application runtime? Maybe your app loads third-party scripts as "plug-ins", or maybe the functionality of your app itself is built from third-party modules using a package manager. Dealing with untrusted code is more common than you may think. We discuss how modules can be "isolated" from one another, independent of whether you’re using JS in front-end or back-end applications. We introduce secure dialects of JavaScript and practical tools that are available to help contain third-party dependencies.
Key takeaway
Learn how to get "trusted" and "untrusted" JavaScript to safely co-exist in your app.
Content level
Deep-dive
Target audience
Web developers, full-stack engineers, web application software architects
Prerequisites
Some fluency with the JavaScript programming language.

Related lectures
Leveraging the security model of the web
Introductory lecture by Philippe De Ryck in room Lemaire
Monday June 2nd, 11:00 - 12:30
Web security is complex and evolving fast, with browsers playing a growing security role. This session explores core techniques to build secure apps and APIs, giving you the foundation to tackle more advanced web security topics.
Key takeaway: Learn how modern browsers approach security and how to build on that foundation to create secure web apps and APIs using proven core techniques.
Using AI to write Secure React.JS code
Deep-dive lecture by Jim Manico in room West Wing
Monday June 2nd, 16:00 - 17:30
In this talk, we will explore the massive potential of AI in secure code creation. This session will discuss techniques that help AI code creation engines produce higher-quality and more secure code.
Key takeaway: Actionable advice on using AI to generate secure code
Using WebAssembly to run, extend, and secure your app
Introductory lecture by Niels Tanis in room West Wing
Tuesday June 3rd, 09:00 - 10:30
In this session we'll dig into WASM, how it works, its security features, and how we can use it to host, extend and secure our applications by running it with the WebAssembly System Interface (WASI).
Key takeaway: Understanding WASM, its security features, and how to leverage those by integrating it into your application/software.