This course aims to provide an understanding of ECMA Script 6 from an attacker's perspective. By the end of the course, learners will be able to identify new code constructs, potential attack vectors, and strategies to mitigate security risks associated with ES6. The course covers topics such as arrow functions, generator functions, template strings, symbols, and serialization of string tags. The teaching method involves a lecture format with a focus on showcasing new language features and their implications for web security. This course is intended for individuals interested in web development, cybersecurity, and understanding the potential security threats posed by ES6.
Overview
Syllabus
Intro
Agenda
JavaScript History
JavaScript vs JScript
Syntax Extensions
Standardization
ECMA Script 6
Arrow Functions
Generator Functions
Bypassing the Sandbox
Generator Arrows
Escapes
Templating Strings
Multiline strings
IE XSS filter
Location filter
Shape Layer
Symbols
Unique immutable reference
Symbol to string tag
Serialization of string tags
Unstoppable
Use Includes
Reflection
Mixed Salad
Conclusion
Taught by
nullcon
