JSFoo is in its ninth edition this year. Talks at JSFoo 2019 will cover the following topics:
- Component architecture -- how different web components have been stitched together to build apps; outcomes on UI and performance as a result of architecture choices
- Deployment practices for front-end and how Kubernetes and CI/CD fall into this picture
- Accessibility
- Developer experience (DX)
- Functional programming paradigms: ReasonML and ClojureScript
- Privacy and Content Security Policy (CSP)
- New developments such as SvelteJS
Speakers from Razorpay, CloudCherry, Myntra, Innovaccer, GitLab, Microsoft, Atlassian and Gramener will share their work and learnings on these topics.
Who should attend JSFoo: #
JSFoo is a conference for practitioners, by practitioners. JSFoo 2019 is a conference for:
- Front-end engineers
- Senior software developers
- Team leaders and engineering managers
- Fullstack developers
- InfoSec professionals
##JSFoo 2019 details:
Dates: 27 and 28 September
Venue: NIMHANS Convention Centre, Bangalore
##JSFoo workshops:
The following workshops have been curated for before and after the conference:
##Contact details:
For inquiries about conference tickets, workshop tickets and any other details, call JSFoo on 7676332020 or email info@hasgeek.com
#Sponsors:
Click here for the Sponsorship Deck.
Email sales@hasgeek.com for bulk ticket purchases, and sponsoring JSFoo 2019.
JSFoo 2019 sponsors: #
#Platinum Sponsor
 |
 |
|
#Gold Sponsor
 |
|
|
#Exhibition Sponsor
 |
|
|
#Bronze Sponsor
 |
 |
 |
#Community Sponsor
 |
 |
 |
Contact #
For tickets and sponsorships, contact info@hasgeek.com or call +91-7676332020. For queries about proposing talks, write to jsfoo.editorial@hasgeek.com
LK
Lavakumar Kuppan
@lavakumark
Deploying and Managing CSP: the Browser-side Firewall
Submitted Sep 10, 2019
Section:
Full talk (40 mins)
Technical level:
Intermediate
Data exfiltration attacks like Magecart have targeted a low-hanging fruit in the industry and have allowed attackers to steal millions of user’s credit card data. Existing security systems fail to prevent or even detect these attacks and this is a major blind-spot in the security monitoring systems. Content Security Policy is a standard supported in most modern browsers and can be harnessed to help increase protection against Magecart type attacks. This talk will explain how engineers in charge of infrastructure and servers can put this security measure in place and manage it effectively.
Outline #
- Introduction to client-side Data Exfiltration attacks
- Introduction to Content-Security Policy
- Content Security Policy to prevent Data Exfiltration attacks
○ What is possible
○ What are the limitations - How to design and deploy CSP to detect/prevent Data Exfiltration attacks
- How to monitor policy violations and alerts
Speaker bio #
Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He is currently developing products that automatically perform vulnerability detection and attack monitoring for the DOM.
He has done extensive research on web security with special focus on JavaScript security. He has discovered several novel attacks vectors and vulnerabilities and has spoken about his research in several international conferences.
He has also done extensive work on developing open source tools to discover security issues in JavaScript, through both static and dynamic analysis.
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}