Oct 2018
22 Mon
23 Tue
24 Wed
25 Thu
26 Fri 08:30 AM – 05:40 PM IST
27 Sat 08:30 AM – 05:40 PM IST
28 Sun
Oct 2018
22 Mon
23 Tue
24 Wed
25 Thu
26 Fri 08:30 AM – 05:40 PM IST
27 Sat 08:30 AM – 05:40 PM IST
28 Sun
Lavakumar Kuppan
Malicious Code Execution is considered to be one of the most serious security issues across any technology. This has plagued client-side JavaScript in the form of Cross-site Scripting. Though this issue has been around since the early days of the web, its variations, prevention techniques and detection mechanisms have evolved over time. This talk will cover everything a modern developer absolutely must know about on client-side malicious code execution.
Introduction to Client-side Code Execution and all of its variants
○ Reflected Server XSS
○ Reflected Client XSS
○ Stored Client XSS
□ Server-side Store
□ Client-side Store
○ Cross-origin Client XSS
Code patterns and APIs that cause Client-side Code Execution
Client-side Code Execution in modern frameworks like Angular, React etc.
Detection of Client-side Code Execution
Recommendations to prevent Client-side Code Execution
○ Proper use of APIs
○ Encoding
○ Content Security Policy
Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He has done extensive research on web security with special focus on JavaScript security. He has discovered several novel attacks vectors and vulnerabilities and has spoken about his research in several international conferences.
He has also done extensive work on developing open source tools to discover security issues in JavaScript, through both static and dynamic analysis.
Oct 2018
22 Mon
23 Tue
24 Wed
25 Thu
26 Fri 08:30 AM – 05:40 PM IST
27 Sat 08:30 AM – 05:40 PM IST
28 Sun
Hosted by
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}