If your website includes third-party JavaScript, you are running code you probably haven’t reviewed, can’t inspect in production, and don’t control when it changes. That code runs with full access to the DOM, user data, authentication state, business logic, and more.

This session explores the risk of what that really means and what can go wrong. You can’t secure what you can’t see — but the browser can.