JSFoo 2017

JSFoo is a conference about JavaScript and everything related.

Dheeraj Joshi

@djadmin

Understanding JavaScript Security

Submitted Jun 5, 2017

Security is important but not everyone cares about it until something bad happens. Don’t Let Security be the ‘Elephant in the Room’.
In this talk, I’ll speak about best practices for writing secure JavaScript, common pitfalls and HTTP security headers. We’ll go a step further and dive into a vulnerable Single-Page Application with a step-by-step discussion of the security issues, their impacts, and how to identify and defend against them. I’ll also touch upon some interesting vulnerabilities which I have found and reported to some commonly used web apps.

Outline

This talk covers the most overlooked security threats and helps the audience write secure JavaScript. It includes a demonstration of a vulnerable Single-Page Application with a step-by-step discussion of the security issues, their impacts and remediation strategies.

Key Takeaways:

  1. Cross-site Scripting (XSS) & CSP
  2. Cross-site Request Forgery (CSRF)
  3. HTTP Security Headers
  4. Other Best Practices

At the end of the talk, one should be able to identify and fix security vulnerabilities in real-world applications, write secure code and thus help make the web more secure.

Speaker bio

Dheeraj is a Front-end Artisan and the InfoSec guy at Wingify. He is adept at writing JavaScript, an open-source lover and a web-security enthusiast. When he is not writing code, he spends time finding and reporting security vulnerabilities in web applications.

Slides

https://docs.google.com/presentation/d/1R5559hLI0rNsAnLw3gri0kEhL5GOXzmZu43lPXoLCFc/pub


Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter.