Building detailed maps of web applications and their supporting JavaScript code and files is paramount to vulnerability discovery in offensive security testing. But for pen testers, discovering the deepest, darkest secrets in JavaScript can be like mining for gold, sifting through copious amounts of extraneous information to find the smallest bits of criticality that expose weak points in applications. Knowing where to turn for the latest and greatest JavaScript mining tool developments is worth its weight in gold for offensive security practitioners needing to constantly increase efficiency and efficacy in web application penetration testing.

We invite you to join the eleventh episode of our Tool Talk series to hear from Tom Hudson, Senior Security Engineer at Bishop Fox, and developer of jsluice – an open-source, Go package and command-line tool used for extracting URLs, paths, secrets, and other interesting data from JavaScript source code.

Tune in as we:

• Investigate why it is beneficial to continuously improve speed and efficiency to discover vulnerabilities in JavaScript files and code
• Learn how jsluice sifts through large amounts of JavaScript to discover small pieces of valuable information for vulnerability discovery
• Listen as we share how to use the four modes in jsluice and implement in your own projects: URLs, secrets, tree, and query