Hack Me If You Can: Uncovering Web Vulnerabilities

About this talk

Every web app has ghosts lurking in the shadows — hidden vulnerabilities just waiting to be exploited. In this talk at JSWORLD Conference 2026 at RAI Amsterdam, we look at how some major companies got hacked in the past and walk through a live demonstration of how a real web application is compromised, uncovering the threats that could easily impact your own projects. The session unpacks the most common vulnerability classes, what happens when proper security systems are not in place, and the practical controls every JavaScript developer should have in their toolkit.

Key takeaways

• How attackers identify and exploit common web application vulnerabilities
• A live exploit walkthrough — seeing a real attack from the attacker's perspective
• The most impactful security controls to add to a JavaScript application
• How to think offensively to build defensively