X-Excess

Presented at Kiwicon V: It Goes b00m (2011), Nov. 6, 2011, 4 p.m. (45 minutes).

Mobile applications are the new hotness and it seems everyone wants to build one. Unfortunately you have to build new app for each platform, so frameworks are popping up to bridge that gap. We look at some abuses of one framework and the implication for your shiny new gadget. Surely we can't bug a phone using XSS? Seems also there is a little known crowd out of Washington that have been swept up in the enthusiasm of exposing JavaScript APIs so now the same issues apply to your desktop too.

Presenters:

  • Kirk Jackson
    Kirk Jackson is interested in developer security - how to make applications more secure and resistant to threats. He works at Xero, and has pen-testing and application development experience.
  • Mike Haworth
    Mike Haworth is an aspiring software vandal and writer of self deprecating bios. Now gainfully employed with AuraInfoSec.

Links: