JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

Oblivion and JavaScript - The nuances of security

Submitted by Shreyansh Pandey (@weirdpanda) on Saturday, 20 May 2017

Technical level

Intermediate

Section

Crisp Talk

Status

Submitted

Total votes:  +2

Abstract

Take an application. Any application. Dissect it. What do you see? Garbled bits of JavaScript code which have been glued together with a very thin coating of AJAX. Regardless of what it is: an eBook reader, a banking application, many government websites, etc., there is always something which is lacking… something which is amiss; more often than not, it’s the security. It’s needless to emphasize the threat these mistakes pose to the primordial concept which required them to be so secretive: their proprietary secrets, copyrights, etc. In this short talk, I will discuss the applications I reverse engineered and how I managed to extract a lot of things from that simple flaw. After this, I will talk about how you can make your application resistant to the threats mentioned and more.

Outline

  • Introduction - Who? How? What?
  • The flawed eBook reader
  • A weary authentication service
  • Microscopic
    • The eBook reader
    • Authentication service
  • Prevention
    • Examples
  • Conclusion and Questions

Speaker bio

An 18-year-old developer, technology enthusiast and DevOps lover. For the past 5 years, I have tinkered around with systems and written backends in languages ranging from PHP to Node. Personally, I love taking up challenges and educating people about whatever I learnt from them. DevOps and backend development are the two most interesting fields for me, but the problem is the fact that these amazing tools and standards have a very steep learning curve and, thus, amateurs are often terrified, to say the least; therefore, teaching something as advanced as possible with as little technicality (in language, that is) has been my long-time passion. Although young, I promise that the talk will be nothing short in terms of clarity, brevity, and humour.

Previously, I made (and broke) things at Gamezop as their Backend and Infrastructure Lead; currently researching on secure payment protocols at the University of Washington, Seattle.
