Javascript libraries (in)security: A showcase of reckless uses and unwitting misuses.

Presented at AppSec USA 2013, Nov. 20, 2013, 2 p.m. (50 minutes)

Client-side code is a growing part of the modern web, and the common patterns and libraries that are supposed to make developers' lives easier have the drawback of adding complexity to the code, exposing unexpected features with little or no warning. We will focus on the most popular JavaScript libraries, such as jQuery and YUI, and on common design patterns, describing how wrong assumptions can lead to unexpected, unsafe behavior. Several code examples and live demos during the talk will illustrate both exploitation techniques and positive coding strategies. The presentation will also show some interesting case studies, collected and identified during two years of real-world application analysis.

Presenters:

  • Stefano Di Paola - CTO and Co-Founder - Minded Security
    In security since 2000 and in application security since 2004, when I created http://www.wisec.it and published several advisories. Stefano Di Paola is the CTO and a co-founder of Minded Security, where he is responsible for the Research and Development Lab. Prior to founding Minded Security, Stefano was a freelance security consultant, working for several private and public companies. He also worked in collaboration with the University of Florence at the Faculty of Computer Engineering. Stefano is recognized as one of the top application security researchers (http://myappsecurity.blogspot.com/2007/05/reflection-on-stefano-di-paola.html). In past years he has released several cutting-edge security advisories and research papers presented at several international events (Flash application security testing, Subverting Ajax). He is the Research & Development Director of the OWASP Italian Chapter and a contributor to several chapters of the OWASP Testing Guide.
