JavaScript Vulnerability Mining: Mastering jsluice for Advanced Web App Testing

Tune in to the eleventh episode of our Tool Talk series to hear Tom Hudson speak about jsluice, an open-source Go package and command-line tool used to extract information from JavaScript files and code.

Building detailed maps of web applications and their supporting JavaScript code and files is paramount to vulnerability discovery in offensive security testing. But for pen testers, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for offensive security practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.

Unlock Hidden Web Application Vulnerabilities with jsluice

Join Tom Hudson, Senior Security Engineer at Bishop Fox and creator of jsluice, as he reveals advanced techniques for extracting critical security insights from JavaScript code. This eleventh episode of our Tool Talk series showcases how to efficiently mine JavaScript files for valuable security intelligence.

Technical Deep Dive:

Tool Capabilities

  • Rapid URL and path extraction
  • Secret detection algorithms
  • Tree structure analysis
  • Advanced query functionalities

Efficiency Optimization

  • Automated JavaScript parsing
  • Strategic vulnerability discovery
  • Time-saving implementation techniques
  • Performance optimization strategies

Practical Implementation

  • Four powerful operational modes
  • Real-world use cases
  • Integration best practices
  • Custom query development

Featured Expert: Tom Hudson

  • Senior Security Engineer, Bishop Fox
  • Creator of jsluice
  • Open-source tool developer

Perfect For:

  • Penetration Testers
  • Web Application Security Specialists
  • Security Engineers
  • Code Reviewers
  • Offensive Security Researchers

Why Watch: Master an essential open-source tool that revolutionizes JavaScript analysis for security testing. Learn how to significantly improve your vulnerability discovery process while reducing manual effort.

Duration: 31.35

Level: Intermediate to Advanced

Transform Your Testing: Learn how to efficiently extract critical security insights from complex JavaScript applications using jsluice's powerful features.


About the speaker, Tom Hudson

Senior Security Analyst

Tom Hudson is a Senior Security Engineer at Bishop Fox, where he is part of the capability development team for Cosmos. He specializes in developing innovative tools that improve the quality of intelligence generated and processed through continuous penetration testing. Tom is the well-known author of numerous command-line tools, which can usually be leveraged together for security research, penetration testing, and bug bounty hunting. His contributions include open source projects such as gron, meg, and unfurl.

Tom is an active member of the information and cybersecurity community and has been a speaker at multiple events, including the RSA Conference, BSides Leeds, Agile Yorkshire, the Sky Betting & Gaming Tech Talks, and Hey! Presents. He has also made guest appearances on popular podcasts and YouTube channels, such as HackerOne, Security Weekly, Undetected, STÖK, and Web Development Tutorials, and his work has been featured in the Code Maven and Intigriti blogs. He was awarded a Most Valuable Hacker (MVH) belt at the h1-4420 live event in 2019.

Tom enjoys giving back to the community through mentoring and teaching. He has hosted multiple workshops, including a series of talks on cybercrime for UK police and investigators.
