Trainer: Ksenia Dmitrieva
When: October 23rd, 2013
Where: LASCON 2013, Austin, TX (held at Norris Conference Center)
Cost: $245, includes meals
This course is structured into modules and includes code analysis and remediation exercises. The high-level topics for this course are:
• Storage of Sensitive Data
• Secure Cross-domain Communications
• Implementing Secure Dataflow
• JSON-related Techniques
After completing this course, students will be able to:
• Apply HTML5 Defensive Programming Techniques
• Apply JSON Defensive Programming Techniques
There should be a maximum of 20 students.
Labs and Demonstrations
If students bring their own laptops with VirtualBox software installed, they can install an Ubuntu VM (provided by the instructor) with an insecure web application. Students will participate in two interactive lab sessions where they will learn to fix issues related to the localStorage object, web messaging, the sandbox attribute for iframes, input validation and output encoding, parsing JSON data, and cross-site scripting. There are also two interactive demonstrations showing how to tamper with client-side data, evade client-side filters and work with Firebug. The labs are not compulsory to get the full value of the course.