JavaScript controls our lives – we use it to zoom in and out on a map, automatically schedule doctor appointments and play games online. But have we ever properly considered the security state of the scripting language? Before dismissing JavaScript security on the grounds of a client-side problem, consider the impact the exploitation of a JavaScript vulnerability on the enterprise: stealing server-side data to infecting users with malware and worse. Attackers are beginning to recognize this new playground, quickly adding JavaScript exploitation tools to their Web attack arsenal.