JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

Understanding JavaScript Security

Submitted by Dheeraj Joshi (@djadmin) on Monday, 5 June 2017

Technical level

Intermediate

Section

Full Talk

Status

Submitted

Total votes:  +8

Abstract

Security is important but not everyone cares about it until something bad happens. Don’t Let Security be the ‘Elephant in the Room’.
In this talk, I’ll speak about best practices for writing secure JavaScript, common pitfalls and HTTP Security Headers. We’ll go a step further and dive into a vulnerable Single-Page Application with a step-by-step discussion of the security issues, their impacts, and how to identify & defend against them. I’ll also touch upon some interesting vulnerabilities which I have found and reported to some commonly used web apps.

Outline

This talk covers the top overlooked security threats and helps the audience write secure JavaScript. It includes a demonstration of a vulnerable Single Page Application with a step-by-step discussion of the security issues, impacts and remediation strategies.

Key Takeaways:

1) Cross-site Scripting (XSS) & CSP
2) Cross-site Request Forgery (CSRF)
3) HTTP Security Headers
4) Other Best Practices

At the end of the talk, one should be able to identify & fix security vulnerabilities in real-world applications, write secure code and thus help make the web more secure.

Speaker bio

Dheeraj is a Front-end Artisan and the InfoSec guy at Wingify. He is quite adept at writing JavaScript, an open source lover, and web security enthusiast. When he is not writing code, he spends time finding and reporting security vulnerabilities in web applications.

Links

Slides

https://docs.google.com/presentation/d/1R5559hLI0rNsAnLw3gri0kEhL5GOXzmZu43lPXoLCFc/pub

Preview video

https://youtu.be/v0HRZ6lEck4

Comments

  • 1
    Sandhya Ramesh (@sandhyaramesh) Reviewer a year ago

    Hi Dheeraj, in order to proceed with evaluation of your proposal, we need your draft slides and a two minute self recorded video of you walking us through your content. Please edit this proposal and submit it as soon as possible. Thanks!

  • 1
    Dheeraj Joshi (@djadmin) Proposer a year ago

    Hey! Just wanted to know if the previously recorded talks will also work in this case?
    (Links: https://www.youtube.com/watch?v=XaHkHBtth-U, https://www.youtube.com/watch?v=csE5tp94wfw)

    And if it doesn’t, I should record and send it right away.

    • 1
      Sandhya Ramesh (@sandhyaramesh) Reviewer a year ago

      Yes, please upload a video relevant to this talk specifically? And also your slides.

      • 1
        Dheeraj Joshi (@djadmin) Proposer a year ago

        Sure. Please let me know if you need more information.
