##JSFoo 2018 will be held on 26 and 27 October 2018.
##About the conference:
The 2018 edition is single-track event with talks in auditorium 1 at the NIMHANS Convention Centre, and Birds of Feather (BOF) sessions in the hallway. Meta Refresh -- with talks on usability, user experience, design and UI engineering will be held in auditorium 2 at the NIMHANS Convention Centre.
- Security and front-end
- Backend, node.js and security
- Framework specific security concerns
- Security audits
Besides the main theme, JSFoo will cover the following topics:
- Case studies of Vue.js, GraphQL, ReasonML and other framework/language adoption.
- Architecture approaches (and case studies) for engineering web apps.
- Best practices: debugging and profiling on the web, testing, measuring performance.
- JS off the web – conversational UI, raspberry pi, IoT
We are inviting proposals:
- Full talks: 40 mins duration
- Crisp talk: 20 mins duration
- Hands-on workshops of 3 or 6 hour duration
- Birds Of Feather (BOF) sessions of 45-60 mins duration
Proposals will be filtered and shortlisted by an Editorial Panel.
** Make sure to add links to videos / slide decks when submitting proposals. We will not review proposals without detailed outlines or slide decks and preview videos.**
The first filter for every proposal is whether the technology or solution you are referring to is open source or not. If you are referring to a proprietary technology, consider picking up a sponsored session.
The criteria for selecting proposals, in the order of importance, are:
- Key insight or takeaway: what can you share with participants that will help them in their work and in thinking about the problem?
- Structure of the talk and flow of content: a detailed outline helps us understand the focus of the talk, and the clarity of your thought process.
- Ability to communicate succinctly, and how you engage with the audience. You must submit link to a two-minute preview video explaining what your talk is about, and what is the key takeaway for the audience.
No one submits the perfect proposal in the first instance. We therefore encourage you to:
- Submit your proposal early so that we have more time to iterate if the proposal has potential.
- Write to us on: email@example.com if you want to discuss an idea for your proposal, and need help / advice on how to structure it.
Our editorial team also helps potential speakers in refining their talk ideas, and rehearsing at least twice - before the main conference - to sharpen the insights presented in the talk.
##Passes and honorarium for speakers:
We pay an honorarium of Rs. 3,000 to each speaker and workshop instructor at the end of their talk/workshop. Confirmed speakers and instructors also get a pass to the conference and networking dinner. We do not provide free passes for speakers’ colleagues and spouses.
##Travel grants for outstation speakers:
Travel grants are available for international speakers who have led/worked on projects that have large-scale adoption. Travel grants are available for domestic speakers (without the criteria mentioned for international speakers).
We evaluate each travel grant application on its merits, giving preference to women, people of non-binary gender, and Africans. If you require a grant, request it when you submit your proposal in the field where you add your location. JSFoo is funded through ticket purchases and sponsorships; travel grant budgets vary.
JSFoo + Meta Refresh: 26 and 27 October, at the NIMHANS Convention Centre.
For tickets and sponsorships, contact firstname.lastname@example.org or call +91-7676332020.
Learn secure web development using Damn Vulnerable NodeJS Application
Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. In this hands-on workshop we will understand, exploit and learn how to fix/avoid OWASP Top 10 vulnerabilities.
Plan for the workshop
- Hands-on practice of exploiting vulnerabilities in DVNA
- Understanding the cause of vulnerabilities
- Discussion on how to fix/avoid vulnerabilities
Depending on the time allocated for the workshop the following vulnerabilities will be covered
- SQL and command Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Cross Site Request Forgery
- Unvaidated Redirects and Forwards
Laptop with wifi connectivity
Subash is a Security Engineer at Appsecco. As an avid security enthusiast and a passionate developer, he enjoys developing meaningful solutions to real world security problems. He is currently working on solving security problems at cloud scale and exploring solutions to improve intelligent automation using AI. During his free time, he loves to explore and research on new and upcoming technologies. Introduced to the world of security by null Open Security Community, he is on track to actively contributing back by presenting at various meetups and conferences and has given talks at null Bangalore and the Serverless Summit. He has also contributed to open source security tools such as OWASP Threat Dragon and DVNA.