JSFoo 2012 Chennai

Chennai JavaScripters ahoy!

After Bangalore and Pune, JSFoo is coming to Chennai! JSFoo is a one-day conference about developing next-generation applications in JavaScript. Join us for a full day of intense sessions on a variety of topics ranging from core JavaScript concepts to building complete web applications in JavaScript.

This is your chance to mingle with and learn from JavaScript experts from all over the country!

Sessions are 45 minutes each: 30 minutes speaking, 10 minutes of Q&A and 5 minutes for people to move between rooms. Tickets are free for confirmed speakers. If you’ve proposed to speak, please wait to hear from us before buying your ticket. If your proposal is not selected, you will still get Early Geek pricing.

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter

Krishna Chaitanya T

@novogeek

JavaScript is mischievous. Handle 3rd party content with care!

Submitted Feb 8, 2012

The objective of this talk is to explain how insecure client-side communications can be and the care one should take to securely integrate third-party content.

Outline

Mashups, a breed of modern web applications, often integrate content from different origins on the client side and provide rich interactivity. The aggregated content can be in the form of widgets, social plugins, advertisements etc. A mashup built just by embedding third-party JavaScript files is inherently insecure, as its security boils down to ‘trust’ in the script provider.

Building secure web mashups involves several challenges: keeping the same-origin policy and the navigation policies of browsers in mind, and assuring confidentiality, authentication, reliability, script isolation etc. Also, when sufficient care is not taken, attackers can eavesdrop on inter-party communication via framing attacks, deceive users via UI-redress attacks etc. This talk tries to cover these challenges and explain secure coding practices for building web mashups.

Requirements

Decent knowledge of JavaScript.
Experience of building mashups will help understand the talk better.

Speaker bio

I’m a web guy working at a reputed security research lab in Hyderabad. I blog on my little tech experiments and present regularly at Microsoft’s online & offline technical community events on web development.
I’m a Microsoft MVP for ASP.NET (2010) and Internet Explorer (2011). More info on my blog.

Slides

http://www.slideshare.net/novogeek/jsfoo-chennai-2012
