Ever wondered how many times the ads in your website are using document.write? Or if you were writing to the DOM from untrusted sources? Such questions can be answered by dynamically analysing the JavaScript running in your website. Static analysis of JavaScript leads to a lot of false positives and is incredibly hard to do correctly due to features like eval, XHR, etc. Dynamic analysis of JavaScript gives much more accurate results. Inian will talk about using meta programming APIs such as Proxies, overriding native DOM APIs and inbuilt JS functions, using Immediately Invoked Function Expressions (IIFEs), etc. to carry out your own dynamic analysis, the gotchas involved and how he handled them. Inian will also be demonstrating how to use the open-source proxy module he wrote, which makes it easy to get started on carrying out these kinds of dynamic analysis on real-world web applications. Inian is the founder of a web performance company, Dexecure. He loves JavaScript, chocolates and anything related to web performance and security. He is a strong believer in the importance of having an open, decentralised and uncensored web ecosystem. JSConf.Asia - Capitol Theatre, Singapore - 25 January 2018 Source: https://2018.jsconf.asia/ License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances.