##About Rootconf 2019:
The seventh edition of Rootconf is a two-track conference with:
- Security talks and tutorials in audi 1 and 2 on 21 June.
- Talks on DevOps, distributed systems and SRE in audi 1 and audi 2 on 22 June.
##Topics and schedule:
View full schedule here: https://hasgeek.com/rootconf/2019/schedule
Rootconf 2019 includes talks and Birds of Feather (BOF) sessions on:
- OSINT and its applications
- Key management, encryption and its costs
- Running a bug bounty programme in your organization
- PolarDB architecture as Cloud Native Architecture, developed by Alibaba Cloud
- Vitess
- SRE and running distributed teams
- Routing security
- Log analytics
- Enabling SRE via automated feedback loops
- TOR for DevOps
##Who should attend Rootconf?
- DevOps programmers
- DevOps leads
- Systems engineers
- Infrastructure security professionals and experts
- DevSecOps teams
- Cloud service providers
- Companies with heavy cloud usage
- Providers of the pieces on which an organization’s IT infrastructure runs -- monitoring, log management, alerting, etc
- Organizations dealing with large network systems where data must be protected
- VPs of engineering
- Engineering managers looking to optimize infrastructure and teams
For information about Rootconf and bulk ticket purchases, contact info@hasgeek.com or call 7676332020. Only community sponsorships available.
##Rootconf 2019 sponsors:
#Platinum Sponsor
 |
 |
|
#Gold Sponsors
 |
 |
 |
#Silver Sponsors
 |
 |
 |
#Bronze Sponsors
 |
 |
 |
 |
 |
 |
#Exhibition Sponsor
 |
|
|
#Community Sponsors
 |
|
 |
LK
Lavakumar Kuppan
@lavakumark
Deploying and Managing CSP - the Browser-side Firewall
Submitted Mar 13, 2019
Technical level:
Intermediate
Data exfiltration attacks like Magecart have targeted a low-hanging fruit in the industry and have allowed attackers to steal millions of user’s credit card data. Existing security systems fail to prevent or even detect these attacks and this is a major blind-spot in the security monitoring systems. Content Security Policy is a standard supported in most modern browsers and can be harnessed to help increase protection against Magecart type attacks. This talk will explain how engineers in charge of infrastructure and servers can put this security measure in place and manage it effectively.
Outline #
- Introduction to client-side Data Exfiltration attacks
- Introduction to Content-Security Policy
- Content Security Policy to prevent Data Exfiltration attacks
○ What is possible
○ What are the limitations - How to design and deploy CSP to detect/prevent Data Exfiltration attacks
- How to monitor policy violations and alerts
Speaker bio #
Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He is currently developing products that automatically perform vulnerability detection and attack monitoring for the DOM.
He has done extensive research on web security with special focus on JavaScript security. He has discovered several novel attacks vectors and vulnerabilities and has spoken about his research in several international conferences.
He has also done extensive work on developing open source tools to discover security issues in JavaScript, through both static and dynamic analysis.
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}