Web security is an important consideration for any application, but as JavaScript becomes an increasingly vital part of the Web, we need to consider the specifics of JavaScript. One way to check the security of your applications is “penetration testing,” also known as “pentesting.” In this talk, Prasanna Kanagasabei describes his experiences as a pentester working with JavaScript, the challenges and issues he has had in trying to check JavaScript-based applications, and the things he wishes the engineers who wrote those applications had known when writing them.