JSFoo Chennai 2020
On component architecture, performance, security for front-end, and emerging trends
Apr 2020
30 Mon
31 Tue
1 Wed
2 Thu
3 Fri 08:50 AM – 05:30 PM IST
4 Sat 08:50 AM – 03:15 PM IST
5 Sun
Riyaz Walikar
The modern web would be grossly incomplete without JavaScript. While the dev world is using JS to build more user friendly, experience rich, responsive and fast web applications, hackers have been using JavaScript on a parallel trail using the same programming principles as the devs to break implmentations, attack users and servers alike.
In this very “informally fun” (TM) talk, filled with examples and demos, we will see how hackers (mis)use the constructs available within JavaScript/ECMAScript to go beyond XSS and automate vulnerability discovery, attack seemingly secure endpoints, exploit weaknesses in implementation and break user trust for profit and for fun.
The key takeways for attendees from this talk would be:
- Understanding how attackers see and use JavaScript
- Introduction to attacks and techniques/usage of JS beyond the standard XSS
- How JavaScript can be used as a powerful weapon in discovery and exploitation of vulnerabilities
Riyaz Walikar currently heads the Security Research Team at Appsecco. His team primarily works on identifying vulnerabilities in cloud solutions, container technologies, web app frameworks, maritime systems and anything else that can be reused by the larger security community. In the past, he has led multiple security testing teams, include the one at Appsecco which is responsible for the assessment and delivery of Web, Mobile Application and Cloud Security Testing engagements. He is a OSCP and CREST certified Web Application Pentester, security evangelist and researcher. He has been active in the security community for the better part of the last 12 years. He has been actively involved with the Bangalore OWASP and null chapter for the last 9 years and is one of the OWASP Bangalore chapter leads.
In his time in the security industry, Riyaz has penned two books, has trained and spoken at numerous security conferences and helped many Fortune 500 companies become secure by training their teams, testing their apps and responsibly disclosing security weaknesses in enterprise software.
When not dabbling in security research or testing, Riyaz likes to spend his time reading, travelling and stargazing.
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}