About JSFoo Coimbatore
JSFoo Coimbatore is a single-day conference with talks, Birds of a Feather (BOF) sessions and speaker connect sessions. The conference will be held on Friday, 5 July, at Dr. G. R. Damodaran College of Science, Coimbatore.
JSFoo Coimbatore features talks on:
- How to secure your web applications by identifying vulnerabilities.
- Leveraging Web Application Vulnerabilities for Resourceful Intelligence Gathering.
- Case studies of performance improvements and using the modular approach to building front-ends.
- Node.js and good engineering practices such as logging, debugging and integrating security into your applications.
- WebSDK: switching between service providers on the fly.
JSFoo Coimbatore 2019 sponsors:
For inquiries on tickets and sponsorships, call the JSFoo Coimbatore team on 7676332020 or write to us on firstname.lastname@example.org
Punit Sethi, Founder at Tezify
Improving the performance of a React app: a case study
How we measured our React app's performance & improvement
- Performance metrics
- Test conditions
How we improved our React app's performance
- Identified & removed unused libraries / parts of libraries
- Code splitting with React's lazy & Suspense
- Identified & loaded specific libraries dynamically
- Reduced Babel-transpiled code with babel-preset-env
- Reduced download size with brotli-webpack-plugin
Details of performance improvements
- Size of our JS bundles
Sudhanshu Yadav, Front-end Architect at HackerRank
Breaking a monolithic front-end: HackerRank's case study
The need for breaking the monolithic frontend
- Reduce the app context.
- Separate deployment.
- Bottleneck for Innovation.
- Breaking the monolith app into multiple apps and modules.
- Modules as node packages.
- Keeping the code style uniform.
- Publishing Modules.
- Automate deployment for modules.
- Frontend Infra as a module.
Fine-tuning the workflow
- Better local development.
- Managing cross dependencies.
Riyaz Walikar, Head of Offensive Security at Appsecco
- Introduction to the talk
- Why is XSS bad anyways?
- I’ve Got No BeEF With You
- Demo of a real world account and browser compromise
- Going beyond its supposed application
- JS fuzzing engines
- Browser crashes and the $$$
- Server Side JS attacks
- The perils of insecure templating
- Server Side JS injection
- Remote Code Execution
- Client Side JS Attacks
- What’s that in my DOM?
- Case Study of
- Data Theft via an insecure Express app on a Desktop Client
- Breaking filters and Web Application Firewalls
- JS weirdness
- Twisted XSS payloads
- Case Study 1
- Case Study 2
- Session Hijacking using ActionScript and Flash
- Weaponising ActionScript for account takeovers
- Mutation XSS
- Abusing browsers’ code normalisation against them
- Stega whaa?
- Working with Alpha Channels in images
- Hidden in PlainSight
- Attacking NodeJS servers on exposed IoT devices
- What could go wrong, you say!
- Closing notes
- The End / Q&A
Karan Saini, Security researcher and program officer at Centre for Internet and Society
Leveraging web application vulnerabilities for resourceful intelligence gathering.
The talk seeks to provide the audience with a starting point for where and how resourceful information and intelligence can be found and collected, particularly through the discovery and exploitation of security flaws in web applications. The talk will provide real-life examples of security flaws through which sensitive information could have been disclosed, and how at times, owing largely to the interconnected nature of such information, it could be pieced together with other data to glean useful intelligence about a particular individual or group. Lastly, the talk will touch upon how developers can avoid baking these issues into their services and applications, while also discussing protective operational security measures that end users can adopt as a best practice.
- Introduction: Intelligence and Investigations
- Case Studies
- Web Application Vulnerabilities and Intelligence Gathering
- Scoping and Execution: Targeting Techniques
- Types of Prevalent Flaws
- Attacking Techniques
- Slides with Examples
- Defense: Best Practices for Developers
- Operational Security for Users
Nishi Jain, Software Engineer at Hotstar
WebSDK: switching between service providers on the fly.
This talk is about sharing an experience that I had while solving a challenging problem. While discussing the service layer in the application, I will cover the following important areas:
1. Caching at the service layer
2. Chunking (Creating different chunks for server and browser)
3. Adapters (Maintaining a common response format between providers for the clients)
4. Handling Error codes
5. Test cases
6. Switching between different service providers. How does the client choose the service provider?
7. How is the service layer integrated into the web application?
Shreyansh Pandey, Chained Ventures
Architect for scale: case studies of my learnings with Node.js
- Why this talk
- How not to do Logging
- My experience with security and JWT
- JSON vs. RPC
- Why “express” isn’t the answer to every problem
- Detecting and debugging memory leaks in production
- Network and service mesh layer
- When to use HAProxy (vs. nginx)
- Bits of bad code I have seen
- Conclusion and Q&A
Tejesh P, Gramener
State Machines for Frontend State Management
- Simple introduction to State Machines
- Why and how State Machines are heavily utilized in Distributed systems
- Seeing frontend applications as a distributed system (with time bound events from DOM interactions), how to utilize the powerful concepts of state machines
- Separation of DOM writes vs DOM reads (State Machine)
- Action dispatcher - DOM writes
- State Transition(er), State Event Triggers
- How easy is it to have a Time Travel Logger