Advanced Javascript Basics for Web Developers

Accepted Session
Short Form
Intermediate
Scheduled: Wednesday, June 25, 2014 from 3:45 – 4:30pm in B302/303

Excerpt

Javascript is a necessity for modern web development. Whether it is to add more interactivity to your user interface or to provide a client to interact with your API, chances are that even if you're trying to avoid working in javascript, you're working in javascript. Projects like Coffeescript and Opal, while useful, still do not help you understand the javascript output by these compile-to-javascript languages. One growing concern in this realm is that an application's javascript can itself be a security risk, easily exploited by a malicious user. In order to catch these problems, you must know what your javascript does, inside and out. This talk will illustrate concepts to make sure your client code is secure, while still giving your team the flexibility it needs to keep building your stellar app!

Description

If you’re developing a web application, no matter how wonderful it is, if it doesn’t have an easy-to-use interface for your users to interact with, chances are, your application will not be used. In addition, this interface needs to be able to communicate with a backend that provides dynamic data that is being presented to your user. For this you’ll need Javascript.

There are ways to sidestep writing Javascript code directly; Opal and Coffeescript immediately come to mind. However, these solutions eventually compile into javascript, so any debugging you need to do still happens in Javascript. That said, there are numerous pitfalls to writing javascript code that is not only functional but also secure, and knowing the ins and outs of these potential security holes is becoming increasingly important. Your javascript, after all, is a tool you’re giving to your users to access your system. Do you know what that tool allows people to access?

In this talk, we’ll explore some concepts in Javascript that are critical to making sure you know EXACTLY what your javascript code is providing for your users. This includes: variable and method scoping on objects; utilizing call() and apply() to allow more predictable and safe metaprogramming than would be possible using eval(); and how to write tests that ensure that your javascript allows your users to do what they want with more of a guarantee than “It works on my computer!”

Tags

javascript, security, metaprogramming

Speaking experience

I've given talks at RubyNation 2013 and GoRuCo 2013 regarding alternative approaches to Rails application development: https://www.youtube.com/watch?v=Bjh_p-fBb9A

Speaker

  • Lauren Voswinkel

    LivingSocial

    Biography

    Lauren has been professionally programming since 2006. She started doing front-end work primarily, and transitioned to back end development using primarily Ruby and Rails.
    Currently, she works for LivingSocial, and has been thoroughly enjoying that endeavor. In her spare time, she likes to do fire breathing, fire spinning, and trick shots with a whip.
    She’s also been more than a little obsessed about Netrunner, and is working on a JS HTTP client/server to play with her friends who live across the country.

    Sessions

      • Title: Advanced Javascript Basics for Web Developers
      • Track: Chemistry
      • Room: B302/303
      • Time: 3:45 – 4:30pm
      • Speakers: Lauren Voswinkel