JavaScript Forensics

Transcript

1. WANTED JavaScript Forensics Todd H Gardner @toddhgardner

2. Wild Wild Web

3. WANTED @toddhgardner JavaScript Outlaws

4. Soliloquy

5. {Track:js} https://trackjs.com JavaScript Error Monitoring

6. Scripty Joe WANTED Characteristics: Script Error Impact: Unknown Reward $5,00

7. None

8. Soliloquy

9. Scripty “Line 1” Joe Place of Origin: Characteristics: Associates: Browser

   Obfuscation Noisy 3rd party domains Apprehend with CORS and crossorigin attributes Remarks:

10. Jane Adsy WANTED Characteristics: getRandomAds is not defined Impact: global

    Reward $5,00
11. None

12. Soliloquy

13. Jane “3rd Party” Adsy Place of Origin: Characteristics: Associates: Unplanned

    Changes Sudden bursts of violence SaaS, Analytics, CDN Weigh risk vs value of 3rd party dependencies Remarks:

14. Clara Context WANTED Characteristics: Cannot read propert of undefined Impact:

    major Reward $5,00

15. Error Cannot read property ‘destroy’ of undefined User Click <button

    class=“js-delete-statement”>

16. Soliloquy

17. Clara “This&That” Context Place of Origin: Characteristics: Associates: Functional Args

    Not Defined Callbacks, Promises Can usually be discovered through test Remarks:

18. Dolly Data WANTED Characteristics: Substr is not a function Impact:

    isolated Reward $5,00

19. a.text.substr is not a function

20. Soliloquy

21. Dolly “Bad Shape” Data Place of Origin: Characteristics: Associates: Contract

    Changes Production Faults Separated Dev Teams Difficult to prevent with test Remarks:

22. Logan Noloaden WANTED Characteristics: INLINE_ADS is not a function Impact:

    major Reward $5,00
23. None

24. Soliloquy

25. Logan “404” Noloaden Place of Origin: Characteristics: Associates: Flaky Infrastructre

    404, is undefined The Internet Verify load before invoking external functions. Remarks:

26. Mabrowser Crashin WANTED Characteristics: Slow perf, browser crash Impact: catastrophic

    Reward $5,00
27. None

28. Soliloquy

29. Mabrowser Crashin Place of Origin: Characteristics: Associates: Detached Elements Slow

    Perf, Crashing Clientside Rendering Periodic scanning for memory leaks. Remarks:

30. CAPTURED @toddhgardner JavaScript Outlaws Scripty Joe Jane Adsy Clara Context

    Dolly Data Logan Noloaden Mabrowser Crashi

31. {Track:js} https://trackjs.com JavaScript Error Monitoring

32. User Activity AJAX History Console Logs Browser Info Inline Source

    Async Traces

33. WANTED JavaScript Forensics Todd H Gardner @toddhgardner todd@trackjs.com