We are holding our first London Findmypast public tech talk in support of the Movember charity fundraiser (even though we are holding it in December!). We will therefore be requesting donations from all attendees during the event, which will go to the Movember cause.



Guy Podjarny, CEO and founder of Snyk, has kindly offered to speak at the event and will talk about open source JavaScript vulnerabilities.



Outline:

Open source modules, and especially npm, are undoubtedly awesome. However, they also represent an undeniable and massive risk. You’re introducing someone else’s code into your system, often with little or no scrutiny. The wrong package can introduce severe vulnerabilities into your application, exposing your application and your users’ data.

The talk will use a sample application, Goof, that is built on various vulnerable dependencies, which we will exploit as an attacker would. For each issue, we'll explain why it happened, show its impact, and – most importantly – see how to avoid or fix it.