Why Securing Server-Side JavaScript Source Code is So Hard & How-to Fix it

Webinar


Sponsored by ShiftLeft


Wednesday, June 3, 2020
1 pm EDT

JavaScript is arguably the most important modern programming language, but despite its massive popularity it is inherently very difficult to secure. Because JavaScript is a dynamically typed, interpreted language, static analysis of its source code is very limited in how it can track data flow. However, code property graphs offer new ways to reconstruct data flows in dynamic languages via detailed annotations.

A foundational concept of data-flow security analysis is modeling the values that can appear at runtime. However, dynamic typing in JavaScript means that an analysis must be able to handle variables that hold values of different types (e.g. strings and/or integers) at different points during execution. JavaScript further complicates this by supporting a myriad of coercions between types. The following JavaScript program illustrates a case where multiple types come into play for a single variable:

[Screenshot of the example JavaScript program: x is assigned a string or an integer depending on the boolean foo, then assigned to a property]

In the above example the value of x depends on the boolean foo. If the value of foo is not known, x can be either a string or an integer when it is assigned to the property. For the analysis to be useful, it must track both possibilities.
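As an added illustration (not code from the webinar or from ShiftLeft's analyzer), the following constructed mini "type-set" analysis walks a hand-built AST for exactly this pattern and records, for each variable, the set of runtime types it may hold, so that a branch on an unknown boolean keeps both the string and the integer possibility; it also models the `+` coercion so the effect propagates to later assignments. The AST node shapes and the sample program are assumptions made for this example, and only assignment-in-both-branches is modelled.

```javascript
// Constructed mini type-set analysis over a hand-built AST. Node shapes:
//   {kind:'lit', value} | {kind:'var', name} | {kind:'assign', name, expr}
//   {kind:'if', test, then, else} | {kind:'binop', op:'+', left, right}
// '+' coercion: a string operand yields a string, otherwise a number.
function plusTypes(left, right) {
  const out = new Set();
  for (const a of left) for (const b of right) out.add(a === 'string' || b === 'string' ? 'string' : 'number');
  return out;
}
// Set of runtime types an expression may evaluate to under env.
function evalTypes(expr, env) {
  switch (expr.kind) {
    case 'lit': return new Set([typeof expr.value]);
    case 'var': return new Set(env.get(expr.name) || ['undefined']);
    case 'binop': return plusTypes(evalTypes(expr.left, env), evalTypes(expr.right, env));
    default: throw new Error('unsupported expression: ' + expr.kind);
  }
}
// Walk statements with env: name -> Set of types. The `if` condition is
// unknown, so both branches are analysed and their results merged by union.
function analyze(stmts, env) {
  for (const s of stmts) {
    if (s.kind === 'assign') {
      env.set(s.name, evalTypes(s.expr, env));
    } else if (s.kind === 'if') {
      const merged = new Map();
      for (const branch of [analyze(s.then, new Map(env)), analyze(s.else, new Map(env))]) {
        for (const [name, types] of branch) merged.set(name, new Set([...(merged.get(name) || []), ...types]));
      }
      env = merged;
    }
  }
  return env;
}
// Constructed program for the case in the text:
//   if (foo) { x = "a"; } else { x = 1; }  y = x + 1;
const lit = (value) => ({ kind: 'lit', value });
const program = [
  { kind: 'if', test: { kind: 'var', name: 'foo' },
    then: [{ kind: 'assign', name: 'x', expr: lit('a') }],
    else: [{ kind: 'assign', name: 'x', expr: lit(1) }] },
  { kind: 'assign', name: 'y',
    expr: { kind: 'binop', op: '+', left: { kind: 'var', name: 'x' }, right: lit(1) } },
];
// Sorted list of types a variable may hold after the program runs.
function possibleTypes(name) {
  return [...analyze(program, new Map()).get(name)].sort();
}
```

Both x and y come back as possibly string and possibly number, which is the over-approximation an analysis must keep when foo is unknown; collapsing to one type would silently drop one of the two data-flow paths.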

This technical webinar will cover the following challenges of analyzing JavaScript source code and discuss how code property graphs can be used to close the gaps:

  • Server Side JavaScript Landscape
  • State of Vulnerabilities in Server Side JS
  • Why vulnerability discovery is hard with JS (untyped languages)
  • Introducing CPG and taint flow analysis of JS using CPG
  • Illustrative walk through of OWASP use cases
  • Demo

CHETAN CONIKEE
CTO & Co-Founder - ShiftLeft
Chetan is a serial entrepreneur with over 20 years of experience in authoring and architecting mission-critical software. His expertise includes building web-scale distributed infrastructure, personalization algorithms, complex event processing, fraud detection, and prevention in investment/retail banking domains.
