Hacking The Front-End
Most of the conventional web security wisdom revolves around the server, and often leaves the client out of the equation. Outside of "escape user input" a lot of developers don't know where to start with protecting their client-side applications. Unfortunately for everyone, there's a huge attack surface on the client-side, and it can sometimes feel like a hopeless goal to ever patch up all the holes. Let's go through a bunch of ways that you might not expect hackers will attack your site, and then let's see if there's anything we can do about it, including looking into exciting new standard APIs out of the W3C to help address these problems.