by JSFoo

JSFoo Coimbatore 2019

On building faster, performant and secure web applications


Date

05 Jul 2019, Coimbatore

Venue

The Residency Towers, Coimbatore

About JSFoo Coimbatore

JSFoo Coimbatore is a single-day conference with talks, Birds of a Feather (BOF) sessions and speaker connect sessions. The conference will be held on Friday, 5 July 2019, at The Residency Towers, Coimbatore.

JSFoo Coimbatore features talks on:

  1. How to secure your web applications by identifying vulnerabilities.
  2. Leveraging OSINT to identify overly permissive application programming interfaces, business logic errors, insecure direct object reference attacks and use of insecure identifiers.
  3. Case studies of performance improvements and using the modular approach to building front-ends.
  4. Node.js and good engineering practices such as logging, debugging and integrating security into your applications.

Speakers from Hotstar, Uber, HackerRank, Recrosoft, Tezify, Appsecco, and the Centre for Internet and Society (CIS) will present case studies and experiential talks which will help JavaScript, full stack and front-end engineers among participants to build faster, secure and performant web applications.

For inquiries on tickets and sponsorships, call the JSFoo Coimbatore team on 7676332020 or write to us on info@hasgeek.com

Talks

  • Architect for scale: case studies of my learnings with Node.js

    Shreyansh Pandey

    Architect for scale: case studies of my learnings with Node.js

    • Why this talk
    • Introduction
    • How not to do Logging
    • My experience with security and JWT
    • JSON vs. RPC
    • Why “express” isn’t the answer to every problem
    • Detecting and debugging memory leaks in production.
    • Network and service mesh layer
    • When to use HAProxy (vs. nginx)
    • Bits of bad code I have seen
    • Conclusion and QA
  • WebSDK: switching between service providers on the fly.

    Nishi Jain

    WebSDK: switching between service providers on the fly.

    This talk is about sharing an experience that I had while solving a challenging problem. While discussing the service layer in the application, I will cover the following important areas:
    1. Caching at the service layer
    2. Chunking (Creating different chunks for server and browser)
    3. Adapters (Maintaining a common response format between providers for the clients)
    4. Handling Error codes
    5. Test cases
    6. Switching between different service providers. How does the client choose the service provider?
    7. How is the service layer integrated in the web application?

  • Building high performance stack with React and PWA: the technology behind myntra web

    Vijaya Krishna Kudva

    Building high performance stack with React and PWA: the technology behind myntra web

    A scalable stack
    Micro apps Architecture benefits
    Technology Choices and Performance
    A few React optimization tips

  • Captain Marvellous JavaScript: a look at how hackers use JS

    Riyaz Walikar

    Captain Marvellous JavaScript: a look at how hackers use JS

    • Introduction to the talk
    • JavaScript and XSS: Is that it?
    • Why is XSS bad anyways?
    • I’ve Got No BeEF With You
      • Demo of a real world account and browser compromise
    • Going beyond its supposed application
    • Using JavaScript to Fuzz browsers
    • JS fuzzing engines
    • Browser crashes and the $$$
    • Server Side JS attacks
    • The perils of insecure templating
    • Server Side JS injection
      • Remote Code Execution
    • Client Side JS Attacks
    • What’s that in my DOM?
    • Mixing Desktop Clients and JavaScript (WCGW)
      • Case Study of
      • Code Execution using JavaScript in a Desktop Client
      • Data Theft via an insecure Express app on a Desktop Client
      • Windows Privilege Escalation using JavaScript in a Desktop Client
    • Breaking filters and Web Application Firewalls
    • JS weirdness
    • Twisted XSS payloads
    • Malware writers, JavaScript and obfuscation
    • Case Study 1
    • Case Study 2
    • Session Hijacking using ActionScript and Flash
    • Weaponising ActionScript for account takeovers
    • Mutation XSS
    • Abusing browsers’ code normalisation against them
    • JavaScript Steganography
    • Stega whaa?
      • Working with Alpha Channels in images
      • Hidden in PlainSight
    • IoT, JavaScript and a friendly home router
    • Attacking NodeJS servers on exposed IoT devices
    • What could go wrong you say!
    • Closing notes
    • The End / Q&A
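    The "Server Side JS injection" and "insecure templating" items above describe a Node.js endpoint that evaluates client-controlled text as JavaScript. The block below is an added example (not the speaker's code or any project's code): a hypothetical record-filter API written the vulnerable way, using `new Function` on a user-supplied expression, beside a hardened version that accepts a small declarative filter and checks it against an allow-list. The `records` dataset, field names and operator set are constructed for illustration.

```javascript
// Added example: server-side JS injection in a filter endpoint, and its fix.
// The dataset below is constructed for illustration only.
const records = [
  { id: 1, owner: 'alice', amount: 120 },
  { id: 2, owner: 'bob',   amount: 45 },
  { id: 3, owner: 'alice', amount: 300 },
];

// VULNERABLE: the "query language" is JavaScript itself. Whatever the client
// sends runs inside the server process with the server's privileges, so a
// payload can read process.env, require('child_process'), and so on.
function filterUnsafe(expr) {
  // expr is expected to look like "r.amount > 100"
  const predicate = new Function('r', 'return (' + expr + ')');
  return records.filter(predicate);
}

// HARDENED: the client sends data, not code. Only known fields and a fixed set
// of comparison operators are accepted; nothing user-controlled is executed.
const FIELDS = new Set(['id', 'owner', 'amount']);
const OPS = {
  eq: (a, b) => a === b,
  gt: (a, b) => a > b,
  lt: (a, b) => a < b,
};

function filterSafe(json) {
  let f;
  try {
    f = JSON.parse(json);
  } catch (e) {
    throw new Error('filter is not valid JSON');
  }
  if (!f || typeof f !== 'object' || Array.isArray(f)) {
    throw new Error('filter must be an object');
  }
  const { field, op, value } = f;
  if (!FIELDS.has(field)) throw new Error('unknown field');
  // hasOwnProperty keeps "constructor", "__proto__" etc. from resolving
  // through the prototype chain to something that is not an operator.
  if (!Object.prototype.hasOwnProperty.call(OPS, op)) throw new Error('unknown operator');
  if (typeof value !== 'number' && typeof value !== 'string') throw new Error('bad value');
  return records.filter((r) => OPS[op](r[field], value));
}

module.exports = { filterUnsafe, filterSafe };
```

A payload such as `(globalThis.leaked = process.version, true)` passes through `filterUnsafe` as a "filter" that matches every record while also running arbitrary code; the same string is rejected by `filterSafe` before anything is evaluated.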
  • Improving the performance of a React app: a case study

    Punit Sethi

    Improving the performance of a React app: a case study

    • How we measured our React App’s performance & improvement
    • Performance metrics
    • Test conditions
    • Tools

    • How we improved our React App’s performance

    • Identified & removed unused libraries / part of libraries
    • Code splitting with React’s lazy & suspense
    • Identify & load specific libraries dynamically
    • Reduce babel transpiled code with babel-preset-env
    • Reduce download size with brotli-webpack-plugin

    • Details of Performance Improved

    • Timings
    • Size of our JS Bundles
  • Breaking a monolithic front-end: HackerRank's case study

    Sudhanshu Yadav

    Breaking a monolithic front-end: HackerRank's case study

    The need of breaking the monolithic frontend

    • Reduce the app context.
    • Separate deployment.
    • Bottleneck for Innovation.

    The process

    • Breaking the monolith app into multiple apps and modules.
    • Modules as node packages.
    • Keeping the code style uniform.
    • Publishing Modules.
    • Automate deployment for modules.
    • Frontend Infra as a module.

    Fine-tuning the workflow

    • Better local development.
    • Managing cross dependencies.

    Key learnings

  • Leveraging web application vulnerabilities to build an open source intelligence (OSINT) arsenal

    Karan Saini

    Leveraging web application vulnerabilities to build an open source intelligence (OSINT) arsenal

    The talk will primarily focus on the prevalence of the following types of flaws:

    - overly permissive application programming interfaces
    - business logic errors
    - insecure direct object reference attacks
    - use of insecure identifiers

    By providing real-life examples of discovered issues, the talk will provide a starting point for where and how resourceful OSINT can be found and collected. Further, the talk will also touch upon how developers can avoid baking these issues into their services and products and how end users can avoid becoming a part of these databases. The talk will also cover targeting ‘hyper local’ service providers for the purpose of building categorised repositories.

    Talk overview:
    
    Introduction:
    - What is OSINT?
    - Why build your own arsenal?
    - How can web application vulnerabilities help?
    - Minor case study on the uses of OSINT
    
    Scoping:
    - Targeting location-specific service providers
    - Usual suspects: what to look out for
      Numeric identifiers, APIs, IDORs, weak auth;
    - Slides with examples
    
    Execution: The good stuff
    - Scraping the information, OR;
    - Creating tools to query information at will.
    
    Prevention:
    - As developers: what to avoid?
    - As users: what to avoid? (protective techniques).

Venue

The Residency Towers, Coimbatore
1075, Avinashi Rd, P N Palayam,

Coimbatore
Tamil Nadu
IN