Secure by Design – Hardening JavaScript Applications in 2026
Bhaskar Bharat Sawant
PHP Tek 2026
Intermediate (some prior knowledge necessary)
Standard (50 minutes)
Abstract

With JavaScript powering everything from critical APIs to mobile apps, security remains a pressing challenge. Supply chain vulnerabilities, XSS, CSRF, and dependency risks continue to dominate the landscape. In this session, I’ll present a framework for securing JavaScript applications end-to-end—covering package hygiene, runtime protections, and front-end defense patterns. Using real-world incidents as case studies, we’ll explore how teams applied automated dependency scanning, Content Security Policies (CSP), and sandboxed workers to minimize risk. Attendees will walk away with practical security playbooks tailored for modern JavaScript stacks.

What’s your talk about?

How to integrate security best practices directly into the JavaScript development lifecycle—shifting from reactive patching to proactive resilience.

What audience will get:
• Proven strategies for preventing supply chain and runtime attacks
• Practical steps to enforce front-end and API security
• Framework for embedding security checks in CI/CD pipelines

Target audience: JavaScript developers, security engineers, DevSecOps practitioners, and engineering leaders.