Loading…
AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
View analytic
Friday, July 6 • 1:30pm - 2:15pm
A Methodology for Assessing JavaScript Software Protections LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

JavaScript is a highly dynamic language. At runtime, functions, and event handlers can be redefined. New code can be parsed and executed. While these properties offer a lot of flexibility, they are a nightmare when it comes to security. First, they are powerful weapons for an adversary. But they also make building tamper-resistant and obfuscation techniques a lot harder. As a result, determining if a given protection is strong or weak is a daunting task for an application developer or security practitioner.
In this talk, we explore the peculiarities of protecting JavaScript and how it differs from protecting native code. We then dive into a couple of protected JavaScript examples and demonstrate different attacking techniques e.g. partial evaluation - and investigate their potential for reverse engineering and tampering. We’ll go through different tamper-resistant and obfuscation techniques and test their resilience against modern reverse engineering techniques.
We’ll propose a methodology to help security practitioners evaluate JavaScript code protection. The need to assess software protections has been recently recognized by the OWASP Mobile Security Testing Guide. We provide pointers on what to look on JavaScript code protection, what real value you can get from it, when it makes sense to use and when it doesn’t.
 Expect a highly technical talk, with several demos, including live reverse engineering of protected JavaScript. In the end, you will have learned how to assess the value of available JavaScript code protection techniques.

Speakers
avatar for Pedro Fortuna

Pedro Fortuna

CTO, Jscrambler
Pedro Fortuna is CTO and Co-Founder of Jscrambler where he leads the technical vision for the product suite and contributes with his cybersecurity knowledge for R&D. Pedro holds a degree in Computing Engineering and a MSc in Computer Networks and Services, having more than a decade... Read More →


Friday July 6, 2018 1:30pm - 2:15pm
St James- 4th Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

Attendees (38)