Hackfest 2024 - 16-bit Edition

Your locale preferences have been saved. We like to think that we have excellent support for English in pretalx, but if you encounter issues or errors, please contact us!

Garth Boyd

Senior Application Security/Cloud Security Architect specializing in Secure Software Architecture and security research with experience supporting development organizations. Founder of DeviousPlan, a boutique security firm specializing in Security Architecture, Threat Modelling, Securing the public cloud, Security Training and Penetration Testing. A lifelong learner who enjoys crafting solutions to interesting and tough problems and thinking of six impossible things before breakfast.


Your pronouns

He/Him

Which country are you from?

Canada

Your twitter or other social network

@garthoid


Session

10-11
11:00
50min
We Know What You Hide in JS
Garth Boyd

Client-side JavaScript plays a crucial role in the development and functionality of Single Page Applications (SPAs) prevalent in modern web applications. Unfortunately, JavaScript code delivered to the browser can contain sensitive information due to development error, oversight, or misunderstanding. These details can provide attackers with a variety of insights that can be leveraged to exploit vulnerabilities in a web application. This presentation delves into the techniques and tools essential for performing comprehensive reconnaissance on client-side JavaScript files, aiming to uncover hidden endpoints, sensitive information, and potential security vulnerabilities. Attendees will gain practical knowledge on the importance of reconnaissance, the types of tools available, and how to effectively analyze client-side JavaScript files to gather actionable intelligence. This presentation is ideal for cybersecurity professionals, web developers, and penetration testers who are keen to deepen their understanding of client-side security. It provides valuable insights for anyone involved in securing modern web applications and protecting sensitive data from unauthorized access.

Offensive
Track 2 (206a)