[OWASP-Bangalore] null Bangalore Bachaav | JavaScript Security on Saturday 21st December 2013

Akash akashmahajan at gmail.com
Sun Dec 15 17:15:14 UTC 2013


Hi Swaroop,

Due to the way hands-on workshops are conducted, we don't think it will add
any value to stream/record the sessions. We do release all the code,
presentations and related documents under an open license for anyone to
peruse.

Thank you for your query.


On 15 December 2013 20:47, Swaroop Sandeep Shastri <shastriswaroop at gmail.com
> wrote:

> Hello Team,
> I have attended your recent meet @ Bangalore yesterday and I
> congratulate you for sharing interesting things happening in
> application/web security domain.
>
> I wish I could attend upcoming Bachao Meet On javascript, but due to
> some personal work , I will be out of Bangalore and would not be able
> to attend it in person.
> Due to this reason, I want to know if you will be sharing/steeming it
> live so that I can attend it online.
> Let me know the details so that i can get benifited with it.
>
> Regards,
> Swaroop Shastri
>
>
>
> On 10/12/2013, Akash <akashmahajan at gmail.com> wrote:
> > This session will cover a small part of JavaScript security, which is of
> > prime importance nowadays. Today, JavaScript is the only language which
> > runs on every machine by default, owing to the fact that it is the
> > scripting language of the browsers. Due to the not so awesome nature of
> > earlier ECMAScript versions and a very quirky implementation of the
> > Document Object Model (DOM) in the browser, dealing with JavaScript code
> > can become very tricky at times.
> >
> > If you have ever wondered about the security implications which lies
> > beneath these quirky behaviours, this session is totally for you. Talking
> > about client-side browser security for a whole day would be cool, but how
> > about we make it more relevant to our day to day web applications?
> >
> > *The session would concentrate on*
> >
> >    -     Fixing browser based injection attacks like DOM XSS
> >    -     Sandboxing the DOM properties
> >    -     Implications of polluting the global namespace
> >    -     Thought process of bypassing an XSS filters and then fixing them
> >
> >
> > Since defending requires a very good understanding of what the attack
> > surface is like, we make sure that the attacking part is completely
> covered
> > as a primer, before defending something. You don’t need to be a Mutation
> > XSS expert to attend this. As long you know what Javascript is and have
> > written basic web applications, you will find this useful and
> interesting.
> >
> > *Pre-requisites*
> >
> >    -     Basic knowledge of JavaScript.
> >    -     Written a few basic web applications
> >
> >
> > *Bachaav Champion | @skeptic_fx* *| Nafeez Ahamed*
> >
> > Nafeez Ahamed works as a security engineer solving exciting and new
> > problems in the security space. His areas of expertise include
> client-side
> > security and network security. Most of his time is spent, trying to find
> > new ways to defend things in the browser. He feels that defending
> anything
> > is much harder than attacking, especially if you know what the
> > sophisticated attackers are up to.
> >
> > *Important information for attendees*
> >
> > Bachaav sessions are free to attend but only with prior invitation.
> > Participants will be selected based on how they fill the registration
> form.
> > All applications are evaluated by the Bachaav Champion to select those
> who
> > the Champion thinks will get the most from the session. Only selected
> > applicants will be emailed further details. Even though we would like to
> > get everyone to attend, sometimes the topic at hand requires extensive
> > knowledge of the subject and this means that the Champion may not feel
> > confident to have an applicant in the session.
> >
> >
> >
> > *Registrations Close on 17th Dec 2013 23:59 PM*
> > *Link *
> >
> https://docs.google.com/a/null.co.in/forms/d/1H0aaoMYkv0JlLIz5Zhm6sdCZ__LkMTtbh6UFzTNLcU4/viewform
> >
> > *More information about null Bachaav Sessions*
> >
> http://null.co.in/2013/11/18/announcing-null-bachaav-defensive-security-workshops/
> >
> >
> >
> >
> >
> >
> > --
> > Warm regards,
> > Akash Mahajan
> >
> > *That Web Application Security Guy* | +91 99 805 271 82
> > akashm.com | *@makash* on twitter | linkd.in/webappsecguy
> > *OWASP Bangalore Chapter Lead | null Community Manager*
> >
>



-- 
Warm regards,
Akash Mahajan

*That Web Application Security Guy* | +91 99 805 271 82
akashm.com | *@makash* on twitter | linkd.in/webappsecguy
*OWASP Bangalore Chapter Lead | null Community Manager*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20131215/7c13bc22/attachment.html>


More information about the OWASP-Bangalore mailing list