JS Security - A Pentester's Perspective

Most developers do not get direct access to external pentesters; their interactions are sadly limited to an exchange of reports and emails. This talk provides the pentester's perspective. Participants will hear first hand from a pentester how they test, analyse and exploit web applications. The session introduces security issues related to JavaScript, JSON and HTML5 and shows how to identify such issues in code. Participants will learn how to write secure JavaScript, which leads to fewer security bugs being found in the testing phase and therefore less time spent fixing them. The emphasis will be on DOM XSS exercises. There will also be a special focus on CORS, covering the abuse of cross-domain communication.

Prasanna has worked as a full-time, hands-on web application pentester for the past 12+ years. His clients have included large international organisations in the e-commerce, automobile, premium banking and finance, and government sectors. He regularly conducts training sessions to up-skill developers to deliver secure and safe solutions. He has presented at security events such as nullcon Delhi, Clubhack and IIT Guwahati, and at various meetups. He is one of the community leads in the Singapore security community. His community code contributions include IronSAP, an SAP testing plugin for IronWASP. At present, his interests include fuzzing.

JSConf.Asia - Red Dot Design Museum, Singapore - 20 November 2015.

Source: http://2015.jsconf.asia

License: For reuse of this video under a more permissive license please get in touch with us. The speakers retain the copyright for their performances.
Length: 34:03
Recorded on 2015-11-19 at JSConf Asia