
Published on July 9th, 2019


Captain Marvellous JavaScript – A look at how hackers use JS





The modern web would be grossly incomplete without JavaScript. While the dev world uses JS to build more user-friendly, experience-rich, responsive and fast web applications, hackers have been using JavaScript on a parallel trail, applying the same programming principles as the devs to break implementations and attack users and servers alike.

In this very “informally fun” (TM) talk, filled with examples and demos, we will see how hackers (mis)use the constructs available within JavaScript/ECMAScript to go beyond XSS and automate vulnerability discovery, attack seemingly secure endpoints, exploit weaknesses in implementation and break user trust for profit and for fun.

The key takeaways for attendees from this talk would be:
- Understanding how attackers see and use JavaScript
- Introduction to attacks and techniques/usage of JS beyond the standard XSS
- How JavaScript can be used as a powerful weapon in the discovery and exploitation of vulnerabilities





Riyaz Walikar currently heads the Offensive Security Team at Appsecco and is responsible for the assessment and delivery of Web and Mobile Application Security Testing engagements. He is an OSCP-certified Web Application Pentester, security evangelist and researcher. He has been active in the security community for the better part of the last 10 years. He has been actively involved with the Bangalore OWASP and null chapters for the last 7 years and is one of the OWASP Bangalore chapter leads.

He is actively involved in vulnerability research on popular web applications and network-aware services, and has disclosed several security issues in popular software such as Apache Archiva, Openfire, Joomla! and ejabberd. He has also had luck finding vulnerabilities in popular web applications from Facebook, Twitter, Google, Cisco, Symantec, Mozilla, PayPal, eBay, Apigee, Yahoo, Adobe, Tumblr, Pinterest and others, and is on the Hall of Fame for most of these services. He has also been a speaker and trainer at several security conferences.
