JavaScript has become one of the most ubiquitous technologies in the modern web browsers. Applications built using client-side JavaScript frameworks such as AngularJS, ReactJS and Vue.js push a lot of functionality and logic to the front-end.

With the increased functionality/logic on the client-side, the attack surface on the client-side also increases.

As a security tester it is essential for us to understand the attack surface of these applications. It is also important for us to know what information to look for, where to look for and how to look for the information that will lead to the discovery of potential security issues in the applications.

In this blog post we will look at performing static analysis of client-side JavaScript code in order to uncover potential security issues in the applications.