Hostile JavaScript: Attacking and Defending the Browser
How much JavaScript is on your website? Do you know what it does? No really, have you looked at the code and seen what it does? Probably not.
JavaScript controls the client side environment, and we can use it to compromise users, consume resources, and steal data. Yet many websites continue to add scripts without review, audit, or thought.
Let’s explore what JavaScript can do to a browser, the vectors that JavaScript can get added to websites, and how we can defend against JavaScript attacks.
Web App Observability: Understanding the Client-Side Experience
Most observability efforts focus on distributed services and cloud architectures, end-users only care that the client-side works for them. In this talk, we’ll explore how to make client-side web applications more observable by monitoring session analytics, user experience, errors, APIs, and data integrity directly from real users. We’ll cover how web developers, SREs, and DevOps engineers can collect data from the browser, handle noise, and interpret data to make better decisions for users, enabling them to prioritize fixes that have the most impact.