[OWASP-Bangalore] null Bangalore Bachaav | JavaScript Security on Saturday 21st December 2013

Swaroop Sandeep Shastri shastriswaroop at gmail.com
Sun Dec 15 15:17:09 UTC 2013


Hello Team,
I have attended your recent meet @ Bangalore yesterday and I
congratulate you for sharing interesting things happening in
application/web security domain.

I wish I could attend upcoming Bachao Meet On javascript, but due to
some personal work , I will be out of Bangalore and would not be able
to attend it in person.
Due to this reason, I want to know if you will be sharing/steeming it
live so that I can attend it online.
Let me know the details so that i can get benifited with it.

Regards,
Swaroop Shastri



On 10/12/2013, Akash <akashmahajan at gmail.com> wrote:
> This session will cover a small part of JavaScript security, which is of
> prime importance nowadays. Today, JavaScript is the only language which
> runs on every machine by default, owing to the fact that it is the
> scripting language of the browsers. Due to the not so awesome nature of
> earlier ECMAScript versions and a very quirky implementation of the
> Document Object Model (DOM) in the browser, dealing with JavaScript code
> can become very tricky at times.
>
> If you have ever wondered about the security implications which lies
> beneath these quirky behaviours, this session is totally for you. Talking
> about client-side browser security for a whole day would be cool, but how
> about we make it more relevant to our day to day web applications?
>
> *The session would concentrate on*
>
>    -     Fixing browser based injection attacks like DOM XSS
>    -     Sandboxing the DOM properties
>    -     Implications of polluting the global namespace
>    -     Thought process of bypassing an XSS filters and then fixing them
>
>
> Since defending requires a very good understanding of what the attack
> surface is like, we make sure that the attacking part is completely covered
> as a primer, before defending something. You don’t need to be a Mutation
> XSS expert to attend this. As long you know what Javascript is and have
> written basic web applications, you will find this useful and interesting.
>
> *Pre-requisites*
>
>    -     Basic knowledge of JavaScript.
>    -     Written a few basic web applications
>
>
> *Bachaav Champion | @skeptic_fx* *| Nafeez Ahamed*
>
> Nafeez Ahamed works as a security engineer solving exciting and new
> problems in the security space. His areas of expertise include client-side
> security and network security. Most of his time is spent, trying to find
> new ways to defend things in the browser. He feels that defending anything
> is much harder than attacking, especially if you know what the
> sophisticated attackers are up to.
>
> *Important information for attendees*
>
> Bachaav sessions are free to attend but only with prior invitation.
> Participants will be selected based on how they fill the registration form.
> All applications are evaluated by the Bachaav Champion to select those who
> the Champion thinks will get the most from the session. Only selected
> applicants will be emailed further details. Even though we would like to
> get everyone to attend, sometimes the topic at hand requires extensive
> knowledge of the subject and this means that the Champion may not feel
> confident to have an applicant in the session.
>
>
>
> *Registrations Close on 17th Dec 2013 23:59 PM*
> *Link *
> https://docs.google.com/a/null.co.in/forms/d/1H0aaoMYkv0JlLIz5Zhm6sdCZ__LkMTtbh6UFzTNLcU4/viewform
>
> *More information about null Bachaav Sessions*
> http://null.co.in/2013/11/18/announcing-null-bachaav-defensive-security-workshops/
>
>
>
>
>
>
> --
> Warm regards,
> Akash Mahajan
>
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
>


More information about the OWASP-Bangalore mailing list