Now every financial-sector application, i.e. mobile or web, uses one more security layer, an encryption mechanism, so that an attacker who is able to intercept the traffic with any MITM tool is not able to understand the request data. When we do pen-testing, we follow a methodology: we have to test each and every parameter and request. But as we all know, attackers don't follow any rules or regulations; when they want to attack, they will find a way to do it. So, keeping the mindset of the attacker, we will understand this kind of encryption mechanism: what do developers think when they implement it? What kind of mistakes do they make? Why do they feel that putting in encryption means the application is secure? What makes them think that no one can break their logic, so that they hide sensitive information behind the encryption? Keeping all of the above, and maybe some more cases, in mind, I prepared my own "Debugging methodology" for this, which I follow when I face this kind of scenario.
https://nsconclave.net-square.com/cold-war-with-javascript.html
3. What is this talk about?
● JavaScript
● Brief about JS engines
● DevTools (V8)
● Extra security layer implemented inside banking applications
● How to break it, fuzz it and bypass something?
● How to debug a JavaScript-based mobile application?
● How to debug add-ons or web browser extensions?
Don’t worry, this session will have a lot of demos!!!
7. ● How developers see it: building stuff
● How attackers see it: breaking stuff
● Using JS, you can build complete:
a. Web/mobile applications.
b. Real-time networking apps (chat, video streaming).
c. Command-line tools.
d. Games.
e. Desktop applications.
f. Windows 95 using Electron.
10. Where does JavaScript code run?
● Browser Engines
● JavaScript engines (V8 for Chrome, SpiderMonkey for Firefox, etc.)
● Previously, we were able to run JavaScript inside browsers only.
● Later on, Node was developed (which is nothing but a JavaScript engine outside the browser).