Email the Author
You can use this page to email Gareth Heyes about JavaScript for hackers.
About the Book
Have you ever wondered how a hacker approaches finding flaws in the browser and JavaScript? This book shares the thought processes and gives you tools to find your own flaws. It shares the basics of JavaScript hacking, then dives in and explains how to construct JavaScript payloads that don't use parentheses.
- Shows how you can find flaws with fuzzing and how to quickly fuzz millions of characters in seconds.
- Want to hack the DOM? This book has you covered.
- Read about various browser SOP bypasses that the author found in detail.
- No idea about client-side prototype pollution? This is the book for you!
- Want to learn the latest & greatest XSS techniques? You need to buy this book.
About the Author
PortSwigger researcher Gareth Heyes is probably best known for his work escaping JavaScript sandboxes, and creating super-elegant XSS vectors. In his spare time he likes to create interative 3D rooms and games in pure CSS and can be often found posting about it and experimenting on his web site garethheyes.co.uk. Gareth is a father to two wonderful girls and husband to an amazing wife, as well as an ardent fan of Liverpool FC.
In his daily life at PortSwigger, Gareth can often be found creating new XSS vectors, researching new techniques to attack web applications, and preparing to speak at conferences around the globe. A recent highlight was his presentation "Server-side prototype pollution: Black-box detection without the DoS" at OWASP Global AppSec Dublin, 2023. He's also the author of PortSwigger's XSS Cheat Sheet. In his spare time he loves writing new BApp extensions (he's the creator of both Hackvertor and Taborator).