JSFoo Pune 2019

JSFoo is a JavaScript conference hosted by HasGeek.

JSFoo is the annual JavaScript conference hosted by HasGeek. The Pune edition is the second edition (JSFoo in Pune in 2012, and ReactFoo in January 2018).

HasGeek launched JSFoo in 2011 as India’s first JavaScript conference. The JS community in India has grown phenomenally since then. JavaScript now pervades every aspect of web development - browsers, apps, front-end, back-end, mobile and IoT, and there’s always scope to understand new ideas and solutions. The conference explores new ideas, implementing innovative solutions, and learning from experiences, especially negative ones.

Want to see the talks from last year’s conference? Watch the JSFoo 2018 videos or the related ReactFoo 2018 videos.

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter

Lavakumar Kuppan

@lavakumark

Everything you need to know about client-side malicious code execution.

Submitted Dec 10, 2018

Malicious Code Execution is considered to be one of the most serious security issues across any technology. This has plagued client-side JavaScript in the form of Cross-site Scripting. Though this issue has been around since the early days of the web, its variations, prevention techniques and detection mechanisms have evolved over time. This talk will cover everything a modern developer absolutely must know about client-side malicious code execution.

Outline

  • Introduction to Client-side Code Execution and all of its variants
    ○ Reflected Server XSS
    ○ Reflected Client XSS
    ○ Stored Client XSS
      □ Server-side Store
      □ Client-side Store
    ○ Cross-origin Client XSS

  • Code patterns and APIs that cause Client-side Code Execution

  • Client-side Code Execution in modern frameworks like Angular, React etc.

  • Detection of Client-side Code Execution

  • Recommendations to prevent Client-side Code Execution
    ○ Proper use of APIs
    ○ Encoding
    ○ Content Security Policy

Speaker bio

Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He has done extensive research on web security with special focus on JavaScript security. He has discovered several novel attack vectors and vulnerabilities and has spoken about his research at several international conferences.
He has also done extensive work on developing open source tools to discover security issues in JavaScript, through both static and dynamic analysis.
