[OWASP-Bangalore] null Bangalore Bachaav | JavaScript Security on Saturday 21st December 2013

Sanjog sanjogpandasp at gmail.com
Thu Dec 12 18:05:11 UTC 2013

Hi Akash,

I have submitted the form due filled. Can you please tell me the venue for
this workshop session, so that i can plan .


On Tue, Dec 10, 2013 at 7:59 PM, Akash <akashmahajan at gmail.com> wrote:

> This session will cover a small part of JavaScript security, which is of
> prime importance nowadays. Today, JavaScript is the only language which
> runs on every machine by default, owing to the fact that it is the
> scripting language of the browsers. Due to the not so awesome nature of
> earlier ECMAScript versions and a very quirky implementation of the
> Document Object Model (DOM) in the browser, dealing with JavaScript code
> can become very tricky at times.
> If you have ever wondered about the security implications which lies
> beneath these quirky behaviours, this session is totally for you. Talking
> about client-side browser security for a whole day would be cool, but how
> about we make it more relevant to our day to day web applications?
> *The session would concentrate on*
>    -     Fixing browser based injection attacks like DOM XSS
>    -     Sandboxing the DOM properties
>    -     Implications of polluting the global namespace
>    -     Thought process of bypassing an XSS filters and then fixing them
> Since defending requires a very good understanding of what the attack
> surface is like, we make sure that the attacking part is completely covered
> as a primer, before defending something. You don’t need to be a Mutation
> XSS expert to attend this. As long you know what Javascript is and have
> written basic web applications, you will find this useful and interesting.
> *Pre-requisites*
>    -     Basic knowledge of JavaScript.
>    -     Written a few basic web applications
> *Bachaav Champion | @skeptic_fx* *| Nafeez Ahamed*
> Nafeez Ahamed works as a security engineer solving exciting and new
> problems in the security space. His areas of expertise include client-side
> security and network security. Most of his time is spent, trying to find
> new ways to defend things in the browser. He feels that defending anything
> is much harder than attacking, especially if you know what the
> sophisticated attackers are up to.
> *Important information for attendees*
> Bachaav sessions are free to attend but only with prior invitation.
> Participants will be selected based on how they fill the registration form.
> All applications are evaluated by the Bachaav Champion to select those who
> the Champion thinks will get the most from the session. Only selected
> applicants will be emailed further details. Even though we would like to
> get everyone to attend, sometimes the topic at hand requires extensive
> knowledge of the subject and this means that the Champion may not feel
> confident to have an applicant in the session.
> *Registrations Close on 17th Dec 2013 23:59 PM*
> *Link *
> https://docs.google.com/a/null.co.in/forms/d/1H0aaoMYkv0JlLIz5Zhm6sdCZ__LkMTtbh6UFzTNLcU4/viewform
> *More information about null Bachaav Sessions*
> http://null.co.in/2013/11/18/announcing-null-bachaav-defensive-security-workshops/
> --
> Warm regards,
> Akash Mahajan
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
> _______________________________________________
> OWASP-Bangalore mailing list
> OWASP-Bangalore at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-bangalore

Thank you,
Sanjog Panda
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20131212/59513af7/attachment.html>

More information about the OWASP-Bangalore mailing list