December 22, 2019

147 words 1 min read

JavaScript, security, and the case for feature simplicity

JavaScript, security, and the case for feature simplicity

JavaScript engines are frequently targeted by malicious attackers, and dozens of vulnerabilities are reported in them every year. Most of these occur due to errors made while implementing well-specified features. Natalie Silvanovich discusses the link between feature complexity, developer error, and security vulnerabilities and the importance of considering implementation difficulty in design.
Talk Title JavaScript, security, and the case for feature simplicity
Speakers Natalie Silvanovich (Google)
Conference O’Reilly Velocity Conference
Conf Tag Building and maintaining complex distributed systems
Location San Jose, California
Date June 12-14, 2018
URL Talk Page
Slides Talk Slides
Video Talk Video

JavaScript engines are frequently targeted by malicious attackers, and dozens of vulnerabilities are reported in them every year. Most of these occur due to errors made while implementing well-specified features. Natalie Silvanovich discusses the link between feature complexity, developer error, and security vulnerabilities and the importance of considering implementation difficulty in design.

security javascript complexity attack
comments powered by Disqus
Jumpstarting your DevSecOps pipeline with IAST and RASP (sponsored by Contrast Security)

Jumpstarting your DevSecOps pipeline with IAST and RASP (sponsored by Contrast Security)

December 21, 2019

Jeff Williams explains how to layer security tools on a CI/CD pipeline without disrupting it and demonstrates a fast, effective, scalable DevSecOps pipeline using free tools.
Kubernetes security best practices

Kubernetes security best practices

December 21, 2019

Ian Lewis shares the easiest and best ways to improve the security of your Kubernetes clusters
The internet versus your sites: Taking action against internet volatility (sponsored by Oracle + Dyn)

The internet versus your sites: Taking action against internet volatility (sponsored by Oracle + Dyn)

December 19, 2019

When the internet is not bombarding your DNS with bogus requests, its trying to execute malicious SQL queries and crawling your site with bots (some good, some bad). Join Kyle York to learn how to take action.
How to Choose a Kubernetes Runtime

How to Choose a Kubernetes Runtime

December 18, 2019

This year has seen the launch of several new container runtimes,including gVisor from Google and Nabla from IBM, as well as the consolidation of the Hyper and Intel VM container projects into Kata con …
The freedom to configure is the freedom to make a better world.

The freedom to configure is the freedom to make a better world.

December 13, 2019

Chances are you fell in love with technology the day you took some tool that didn't quite work for you and made it betterbetter suited to you and your idiosyncratic needs and uses. Then you shared your improvements and made other people's lives better too, and what sweeter feeling is there? Cory Doctorow explains why the right to configure is the signature right of the 21st century.
Architecting data platforms for cybersecurity

Architecting data platforms for cybersecurity

December 12, 2019

Data is becoming a crucial weapon to secure an organization against cyber threats. Charaka Goonatilake shares strategies for designing effective data platforms for cybersecurity using big data technologies, such as Spark and Hadoop, and explains how these platforms are being used in real-world examples of data-driven security.