Wednesday, October 23 • 8:00am - 5:00pm
Defensive Programming for JavaScript & HTML5 - 1 DAY TRAINING


Title: Defensive Programming for JavaScript & HTML5
Trainer: Ksenia Dmitrieva
When: October 23rd, 2013
Where: LASCON 2013, Austin, TX (held at Norris Conference Center)
Cost: $245, includes meals


Abstract:
Understand JavaScript and HTML5 Features to Secure Your Client-side Code.

This full-day course helps web front-end developers understand the risks involved with manipulating JavaScript and HTML5 and apply defensive programming techniques in both languages.
Some of the topics covered include, but are not limited to, important security aspects of modern browser architecture (DOM and SOP), XSS, CSRF, DOM manipulation, Sandboxing iframes, JavaScript Execution Contexts, CORS, Web Messaging, Web Storage, and JSON.
This course is structured into modules and includes code analysis and remediation exercises. The high-level topics for this course are:
• The HTML5 and JavaScript Risk Landscape
• Storage of Sensitive Data
• Secure Cross-domain Communications
• Implementing Secure Dataflow
• JSON-related Techniques

Objectives
After completing this course, students will be able to:
• Apply HTML5 Defensive Programming Techniques
• Apply JavaScript Defensive Programming Techniques
• Apply JSON Defensive Programming Techniques
There should be a maximum of 20 students.

Labs and Demonstrations
If students bring their own laptops with VirtualBox software installed, they can install an Ubuntu VM (provided by the instructor) with an insecure web application and participate in two interactive lab sessions, where they will learn to fix issues related to the localStorage object, web messaging, the sandbox attribute for iframes, input validation and output encoding, parsing JSON data, and cross-site scripting. There are also two interactive demonstrations showing how to tamper with client-side data, evade client-side filters and work with Firebug. The labs are not compulsory to get the full value of the course.

 


Speakers

Amit Sethi

Senior Principal Consultant, Cigital
Amit Sethi is a Senior Principal Consultant and the Director of the Mobile Practice and the Advanced Penetration Testing Practice at Cigital. He has over 12 years of experience in the security industry as well as a Master's degree in Cryptography. He has extensive experience performing penetration testing, source code reviews and architectural risk analysis of a wide variety of systems as well as helping organizations solve complex security...


Wednesday October 23, 2013 8:00am - 5:00pm
Gemalto Room A Norris Conference Center, 2525 W. Anderson Lane, Suite 365, Austin, Texas 78757
