- About Goa'15
- Schedule
- Venue
- Speakers
- Training
- CFP
- Recreation
- Blackshield Awards
- CTF
- Sponsors
- Exhibition
- Job Fair
- CXO Track
- Bugbash
- Goa'15
- About Speakers
- Yuval Idan
Paper Title
Warning Ahead: Security Storms are Brewing in Your JavaScript
Abstract
JavaScript controls our lives - we use it to zoom in and out of a map, to automatically schedule doctor appointments and to play online games. But have we ever properly considered the security state of this scripting language? ?Before dismissing the (in)security posture of JavaScript on the grounds of a client-side problem, consider the impact of JavaScript vulnerability exploitation to the enterprise: from stealing server-side data to infecting users with malware. Hackers are beginning to recognize this new playground and are quickly adding JavaScript exploitation tools to their Web attack arsenal. ?In this talk we explore the vulnerabilities behind Javascript, including:
- A new class of vulnerabilities unique only to JavaScript
- Vulnerabilities in 3rd-party platforms which are exploited through JavaScript code
- HTML5 is considered the NG-Javascript. In turn, HTML5 introduces a new set of vulnerabilities
Speaker Bio
Yuval Idan is Checkmarx's APAC technical director. In this role he provides professional technical services and acts as the product specialist for the APAC region. Yuval has more than a decade of experience in the hi-tech industry and software development. Prior to Checkmarx, Yuval was a software development team leader at one of the largest online gaming companies, where he managed local and offshore teams. Yuval holds an MBA from IMD, Lausanne Switzerland as well as a BA in Computer Sciences from MTA, Israel.