• Mark Stuart
  • Sr. App Engineer PayPal
I'm a Senior App Engineer at PayPal, where I specialize in building large-scale JavaScript apps in Node and Backbone for our Consumer web and Checkout experiences. Before that, I led the development of State Farm's Mobile Web app, where I rebuilt it from Java/Struts to a more modern SPA architecture, which resulted in huge performance and developer productivity gains. Besides my day job, I'm also involved in and contribute to many open source projects. Beer.


  • Web Security in Node.js and JavaScript Apps (SPAs)
  • Time: 9:00am - 9:50am | Room: Grand C

Security is usually an afterthought but is an important part of building a production-ready app.

You're probably using plain vanilla Express. Fail. You're probably using a templating library like Underscore or Handlebars. Ha, sorry! You're probably only sanitizing user data. Nope, won't save you.

In this talk, I plan to identify even more anti-patterns and share best practices for securing your apps (focusing on Node.js and SPA libraries like Backbone). I'll show actual security holes found in code and how you can patch them, too!

I hope to inspire others to care about security and take the extra step to secure their app and their users. Thanks!