JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

About the conference: JSFoo is a JavaScript conference hosted by HasGeek.

Theme this year: The broad theme this year is going to be Building Reliable Web Apps. Please refer to the Topics section below for the subject of talks and workshops we are looking for.

## Format
We are inviting proposals for:
- Full-length 40 minute talks.
- Crisp 15 minute talks.
- Sponsored sessions, of 15 minutes and 40 minutes duration (limited slots available; subject to editorial scrutiny and approval).
- Hands-on workshop sessions, 3 and 6 hour duration.

## Selection process
Proposals will be filtered and shortlisted by an Editorial Panel. Please make sure to add links to videos / slide decks when submitting proposals. This will help us understand your speaking experience and delivery style. Blurbs or blog posts covering the relevance of a particular problem statement and how it is tackled will help the Editorial Panel better judge your proposals. We might contact you to ask if you’d like to repost your content on the official conference blog.

We expect you to submit an outline of your proposed talk, either as a mind map, a text document, or draft slides, within two weeks of submitting your proposal.

Selection Process Flowchart

You can check back on this page for the status of your proposal. We will notify you if we either move your proposal to the next round or if we reject it. Selected speakers must participate in one or two rounds of rehearsals before the conference. This is mandatory and helps you to prepare well for the conference.

A speaker is NOT confirmed a slot unless we explicitly mention so in an email or over any other medium of communication.

There is only one speaker per session. Entry is free for selected speakers. As our budget is limited, we prefer speakers from locations closer to home, but will do our best to cover for anyone exceptional. HasGeek provides these limited grants where applicable: two international travel and accommodation grants, and three domestic travel and accommodation grants. Grants are limited and made available to speakers delivering full sessions (40 minutes or longer). Speaker travel grants will be given in order of preference to students, women, persons of non-binary genders, and individuals from Asia and Africa first.

## Topics
Updated (19 April 2017): We are currently looking for talks in the following topics:

Testing: Testing tools and strategies; test driven development and testing culture; continuous integration and testing workflows; and case studies around testing your application.

Performance optimization: Performance analysis tools and techniques; best practices for building performant applications; browser, NodeJS, and framework internals; network protocols; and performance case studies.

Debugging: Tools for locating and fixing bugs in JavaScript applications; real world post-mortems of bugs that affected your organization; and using telemetry for debugging.

Immutability, type checking, and alternative programming languages: Alternatives to vanilla JavaScript; functional programming and immutability; types and type systems; and real-world case studies of introducing alternative programming languages and tools in your organization.

Build tooling: Build tools and automation, including task runners, linters, JavaScript bundlers, CSS pre- and post-processors, continuous integration tools, static analysis tools, and optimization tools.

Crash and performance monitoring: Monitoring applications for crashes and performance issues while in production.

## Commitment to open source
HasGeek believes in open source as the binding force of our community. If you are describing a codebase for developers to work with, we’d like for it to be available under a permissive open source licence. If your software is commercially licensed or available under a combination of commercial and restrictive open source licences (such as the various forms of the GPL), please consider picking up a sponsorship. We recognise that there are valid reasons for commercial licensing, but ask that you support us in return for giving you an audience. Your session will be marked on the schedule as a “sponsored session”.

## Important dates
**Deadline for submitting proposals:** 15 June 2017

**Conference dates:** 15–16 September 2017

## Contact
For more information about speaking proposals, tickets and sponsorships, contact info@hasgeek.com or call +91 76763 32020.

Note: We aren’t accepting any new talks.

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript.

Riyaz Walikar

@riyazw

Safety not Guaranteed

Submitted Sep 1, 2017

Hackers are everywhere! Are they also in your client-side code? What do attackers target when they are breaking JavaScript frameworks and libraries? How are they stealing those elusive crypto keys and your authentication-protected data?

Detecting and exploiting JavaScript security issues can easily become complex, since the scope for attack would be constrained by features built into the framework and libraries. Allowing external resources to be loaded via Content Delivery Networks, improper dynamic parsing of user input, and using third-party widgets and extensions can all lead to security troubles.

This talk will take the audience through multiple case studies of JavaScript framework/library bugs and the impact that these bugs would have if exploited. Real-world examples of application security testing that show how we were able to bypass controls and gain access to data will also be covered. The talk will also cover some common server security configurations that can break client-side applications when implemented as is.

Outline

Application Security Clinic

Speaker bio

Riyaz Walikar is a web application pentester, security evangelist and researcher. He has been active in the security community for the better part of the last 10 years. He has been actively involved with the Bangalore OWASP and null chapters for the last 7 years and is one of the OWASP and null Bangalore chapter leads. He is actively involved with vulnerability research in popular web applications and network-aware services, has disclosed multiple security issues in popular software like Apache Archiva, Openfire, Joomla!, EJabberd and a .NET Script Injection Bypass, and has found vulnerabilities in popular web applications like Facebook, Twitter, Google, Cisco, Symantec, Mozilla, PayPal, Ebay, Apigee, Yahoo, Adobe, Tumblr, Pinterest etc., for which he is on the Hall of Fame of most of these services.

He has also been a speaker and trainer at many security conferences including OWASP AppsecUSA 2012, BlackHat Abu Dhabi 2012, Las Vegas 2015, EU 2015, nullcon 2012, 2013, 2014, 2015, 2016 and 2017, DefCon Las Vegas 2016 and c0c0n 2011, 2013, 2015 and 2016.

Some of the trainings/workshops by Riyaz:
- Secure Web Programming 2-day training at HackerRank Bangalore 2017
- Xtreme Web Hacking at NULLCON Goa 2012, 2013, 2014, 2015, 2016
- Cloud Security for Devs & Ops – NULLCON 2017
- Ninja Level Infrastructure Monitoring – DefCon 2016
- Xtreme Web Hacking (CTF Style) – c0c0n 2015, 2016

Some of the talks given by Riyaz:
- Poking Servers with Facebook – AppsecUSA 2012, BlackHat Abu Dhabi 2012, c0c0n 2013
- A Pentester’s Methodology to Discover and Exploit Windows Privilege Escalation flaws – c0c0n 2015, nullcon 2016
- Esoteric XSS Payloads – c0c0n 2016
- The Whys and Hows of Cyber Attacks – SAP Security Summit 2016

Online:
- www.linkedin.com/in/riyazw
- http://www.twitter.com/@riyazwalikar
- http://www.twitter.com/@wincmdfu

Slides

https://speakerdeck.com/riyazwalikar/safety-not-guaranteed-v2
