Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

Java script, security and you - Tri-Cities Javascript Developers Group

597 Aufrufe

Veröffentlicht am

Talk given at the Tri-Cities Javascript Developers Group, Johnson City, TN

Veröffentlicht in: Technologie
  • Als Erste(r) kommentieren

Java script, security and you - Tri-Cities Javascript Developers Group

  1. 1. JavaScript, Security and You A Brief Introduction to Fear
  2. 2. JS: Good & Evil ● Critical for the modern web ● Provides rich interaction ● Ubiquitous ● XSS ● User tracking & identification ● Browser exploits ● etc.
  3. 3. Previously Unknown Blackhole Exploit Kit Variant
  4. 4. FBI Exploit against Firefox 17
  5. 5. QUANTUMINSERT ?
  6. 6. JavaScript Friend? Foe?
  7. 7. "SSL added and removed here"
  8. 8. What are your threats?
  9. 9. Cross Site Scripting ● Account Takeover ● Unauthorized Actions ● Data Theft ● etc.
  10. 10. XSS Types Stored Reflected
  11. 11. Cross-site Request Forgery ● Account Tampering / Takeover ● Unauthorized Actions ● Data Theft ● etc.
  12. 12. Client-Side Sanitization ● XSS ● CSRF ● SQL Injection ● Command Execution ● etc.
  13. 13. HTML5(-ish) ● WebSockets ● Local Storage ● Cross Origin Resource Sharing ● Geolocation ● Web Workers ● etc.
  14. 14. JS: Friend & Foe
  15. 15. Want to know more? Hack Yourself First ● Stephen Haywood (@averagesecguy) ● http://bit.ly/HackYourself1st
  16. 16. Thanks! @adamcaudill https://adamcaudill.com

×