JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

Shreyansh Pandey

@weirdpanda

Oblivion and JavaScript - The nuances of security

Submitted May 20, 2017

Take an application. Any application. Dissect it. What do you see? Garbled bits of JavaScript code which has been glued with a very thin coating of AJAX. Regardless of what it is: an eBook reader, a banking application, many government websites, etc. there is always something which is lacking... something which is amiss; more often than not, it’s the security. It’s needless to emphasize the threat these mistakes are to the primordial concept which required them to be so secretive: their proprietary secrets, copyrights, etc. In this short talk, I will discuss the applications I reverse engineered and how I managed to extract a lot of things from that simple flaw. After this, I will talk about how you can make your application resistant to the threats mentioned and more.

Outline

  • Introduction - Who? How? What?
  • The flawed eBook reader
  • A weary authentication service
  • Microscopic
    • The eBook reader
    • Authentication service
  • Prevention
    • Examples
  • Conclusion and Questions

Speaker bio

An 18-year-old developer, technology enthusiast and DevOps lover. For the past 5 years, I have tinkered around with systems, written backends in languages ranging from PHP to Node. Personally, I love taking up challenges and educating people about whatever I learnt from them. DevOps and backend development are the two most interesting fields for me, but the problem is the fact these amazing tools and standards have a very steep learning curve and, thus, amateurs are often terrified, to say the least; therefore, teaching something as advanced as possible with as little technicality (in language, that is) has been my long-time passion. Although young, I promise that the talk will be nothing short in terms of clarity, brevity, and humour.

Previously, I made (and broke) things at Gamezop as their Backend and Infrastructure Lead; currently researching secure payment protocols at the University of Washington, Seattle.


Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript.