[OWASP-Bangalore] null Bangalore Bachaav | JavaScript Security on Saturday 21st December 2013

Akash akashmahajan at gmail.com
Tue Dec 10 14:29:58 UTC 2013


This session will cover a small part of JavaScript security, which is of
prime importance nowadays. Today, JavaScript is the only language which
runs on every machine by default, owing to the fact that it is the
scripting language of the browsers. Due to the not so awesome nature of
earlier ECMAScript versions and a very quirky implementation of the
Document Object Model (DOM) in the browser, dealing with JavaScript code
can become very tricky at times.

If you have ever wondered about the security implications which lie
beneath these quirky behaviours, this session is totally for you. Talking
about client-side browser security for a whole day would be cool, but how
about we make it more relevant to our day-to-day web applications?

*The session would concentrate on*

   - Fixing browser-based injection attacks like DOM XSS
   - Sandboxing the DOM properties
   - Implications of polluting the global namespace
   - Thought process of bypassing XSS filters and then fixing them


Since defending requires a very good understanding of what the attack
surface is like, we make sure that the attacking part is completely covered
as a primer, before defending something. You don’t need to be a Mutation
XSS expert to attend this. As long as you know what JavaScript is and have
written basic web applications, you will find this useful and interesting.

*Pre-requisites*

   - Basic knowledge of JavaScript.
   - Written a few basic web applications


*Bachaav Champion | @skeptic_fx* *| Nafeez Ahamed*

Nafeez Ahamed works as a security engineer solving exciting and new
problems in the security space. His areas of expertise include client-side
security and network security. Most of his time is spent trying to find
new ways to defend things in the browser. He feels that defending anything
is much harder than attacking, especially if you know what the
sophisticated attackers are up to.

*Important information for attendees*

Bachaav sessions are free to attend but only with prior invitation.
Participants will be selected based on how they fill the registration form.
All applications are evaluated by the Bachaav Champion to select those who
the Champion thinks will get the most from the session. Only selected
applicants will be emailed further details. Even though we would like to
get everyone to attend, sometimes the topic at hand requires extensive
knowledge of the subject and this means that the Champion may not feel
confident to have an applicant in the session.



*Registrations Close on 17th Dec 2013 23:59 PM*
*Link*
https://docs.google.com/a/null.co.in/forms/d/1H0aaoMYkv0JlLIz5Zhm6sdCZ__LkMTtbh6UFzTNLcU4/viewform

*More information about null Bachaav Sessions*
http://null.co.in/2013/11/18/announcing-null-bachaav-defensive-security-workshops/






-- 
Warm regards,
Akash Mahajan

*That Web Application Security Guy* | +91 99 805 271 82
akashm.com | *@makash* on twitter | linkd.in/webappsecguy
*OWASP Bangalore Chapter Lead | null Community Manager*