JavasCrypto: How we are using browsers as Cryptographic Engines

Kat Traxler

Speaker Bio

Kat Traxler is your InfoSec spy in the JavaScript development world. By day she is a Web Application Penetration Tester, by night she blends in at dev meetups, taking the free stickers and acting as your eyes and ears. If Web 2.0 is a train wreck, she wants a front seat.


In order to achieve end-to-end encryption, build zero-knowledge systems, and provide users with the convenience they are accustomed to, Web 2.0 is pushing cryptography to your browser. From secure e-mail to credit card transactions, our security is increasingly dependent on the integrity of client-side JavaScript. The opportunities for exploitation are many, but with every new vulnerability has come a potential mitigation, all in an attempt to strong-arm these sensitive operations into the browser, limit an application's liability, and keep us users happy. In my presentation, we will look at the fundamental nature of JavaScript and web browsers, and conclude what level of protection, in the best of circumstances, JavasCrypto affords the end user.