Rootconf Hyderabad edition
Rootconf For members

Rootconf Hyderabad edition

On SRE, systems engineering and distributed systems

Make a submission

Accepting submissions till 30 Sep 2019, 11:59 PM

T-Hub, Hyderabad

Tickets

Loading…

##About Rootconf Hyderabad:

Rootconf Hyderabad is a platform for:

  1. DevOps engineers
  2. Site Reliability Engineers (SRE)
  3. ML and data engineers
  4. Security and DevSecOps professionals
  5. Software engineers

to discuss real-world problems around:

  1. Site Reliability Engineering (SRE)
  2. Data and AI engineering
  3. Distributed systems -- observerability, microservices
  4. Implementing Infrastructure as Code

Speakers from Flipkart, Hotstar, Intuit, GO-JEK, MadStreetDen and Trusting Social will share their experiences with the above challenges.

##Event venue:
Rootconf Hyderabad will be held at T-Hub, IIIT-Hyderabad Campus, Gachibowli, Hyderabad, Telangana - 500032

##Contact information:

For bulk ticket purchases,sponsorship and other inquiries, contact sales@hasgeek.com or call 7676332020

#Sponsors:

Click here to view the Sponsorship Deck.


Rootconf Hyderabad 2019 sponsors:


#Platinum Sponsor

Atlassian

#Bronze Sponsors

upcloud Elastic Hashicorp

For information about the event, tickets (bulk discounts automatically apply on 5+ and 10+ tickets) and speaking, call Rootconf on 7676332020 or write to info@hasgeek.com.

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more

Lavakumar Kuppan

@lavakumark

Deploying and Managing CSP - the Browser-side Firewall

Submitted Jul 22, 2019

Data exfiltration attacks like Magecart have targeted a low-hanging fruit in the industry and have allowed attackers to steal millions of user’s credit card data. Existing security systems fail to prevent or even detect these attacks and this is a major blind-spot in the security monitoring systems. Content Security Policy is a standard supported in most modern browsers and can be harnessed to help increase protection against Magecart type attacks. This talk will explain how engineers in charge of infrastructure and servers can put this security measure in place and manage it effectively.

Outline

  • Introduction to client-side Data Exfiltration attacks
  • Introduction to Content-Security Policy
  • Content Security Policy to prevent Data Exfiltration attacks
    ○ What is possible
    ○ What are the limitations
  • How to design and deploy CSP to detect/prevent Data Exfiltration attacks
  • How to monitor policy violations and alerts

Speaker bio

Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He is currently developing products that automatically perform vulnerability detection and attack monitoring for the DOM.
He has done extensive research on web security with special focus on JavaScript security. He has discovered several novel attacks vectors and vulnerabilities and has spoken about his research in several international conferences.
He has also done extensive work on developing open source tools to discover security issues in JavaScript, through both static and dynamic analysis.

Comments

{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Make a submission

Accepting submissions till 30 Sep 2019, 11:59 PM

T-Hub, Hyderabad

Hosted by

Rootconf is a community-funded platform for activities and discussions on the following topics: Site Reliability Engineering (SRE). Infrastructure costs, including Cloud Costs - and optimization. Security - including Cloud Security. more