Swaroop Sandeep Shastri
shastriswaroop at gmail.com
Sun Dec 15 15:17:09 UTC 2013
I have attended your recent meet @ Bangalore yesterday and I
congratulate you for sharing interesting things happening in
application/web security domain.
some personal work , I will be out of Bangalore and would not be able
to attend it in person.
Due to this reason, I want to know if you will be sharing/steeming it
live so that I can attend it online.
Let me know the details so that i can get benifited with it.
On 10/12/2013, Akash <akashmahajan at gmail.com> wrote:
> runs on every machine by default, owing to the fact that it is the
> scripting language of the browsers. Due to the not so awesome nature of
> earlier ECMAScript versions and a very quirky implementation of the
> can become very tricky at times.
> If you have ever wondered about the security implications which lies
> beneath these quirky behaviours, this session is totally for you. Talking
> about client-side browser security for a whole day would be cool, but how
> about we make it more relevant to our day to day web applications?
> *The session would concentrate on*
> - Fixing browser based injection attacks like DOM XSS
> - Sandboxing the DOM properties
> - Implications of polluting the global namespace
> - Thought process of bypassing an XSS filters and then fixing them
> Since defending requires a very good understanding of what the attack
> surface is like, we make sure that the attacking part is completely covered
> as a primer, before defending something. You don’t need to be a Mutation
> written basic web applications, you will find this useful and interesting.
> - Written a few basic web applications
> *Bachaav Champion | @skeptic_fx* *| Nafeez Ahamed*
> Nafeez Ahamed works as a security engineer solving exciting and new
> problems in the security space. His areas of expertise include client-side
> security and network security. Most of his time is spent, trying to find
> new ways to defend things in the browser. He feels that defending anything
> is much harder than attacking, especially if you know what the
> sophisticated attackers are up to.
> *Important information for attendees*
> Bachaav sessions are free to attend but only with prior invitation.
> Participants will be selected based on how they fill the registration form.
> All applications are evaluated by the Bachaav Champion to select those who
> the Champion thinks will get the most from the session. Only selected
> applicants will be emailed further details. Even though we would like to
> get everyone to attend, sometimes the topic at hand requires extensive
> knowledge of the subject and this means that the Champion may not feel
> confident to have an applicant in the session.
> *Registrations Close on 17th Dec 2013 23:59 PM*
> *Link *
> *More information about null Bachaav Sessions*
> Warm regards,
> Akash Mahajan
> *That Web Application Security Guy* | +91 99 805 271 82
> akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> *OWASP Bangalore Chapter Lead | null Community Manager*
More information about the OWASP-Bangalore