Most of us use jQuery for seemingly everything, including simple tasks like processing dialog windows. While jQuery gives us a powerful abstraction over cross-browser API differences, the way it is typically used can also make it a "security nightmare". This session will take you through common jQuery security mistakes, including XSS, data validation, inline events, URL encoding and hosted plugins, and how to avoid them. The session will cover tools like JSHint and JSLint, as well as purifiers on the client and server side, to secure web apps and avoid common pitfalls.


Outline/structure of the Session

Why is jQuery ubiquitous?
- Simple DOM manipulation
- Plugin-able design
- UI, events and animations simplified
- And of course AJAX

How easy is it to make security mistakes?
- Small, silly errors can cause big damage
- Many non-security decisions affect security
- Security testing almost never happens
- Programmers tend to overlook most security advisories

Let's get started
- The famous XSS: 12% of all attacks are XSS
- What's wrong in this code? (sample error code)
- Why is it wrong?
- Corrected code
- Remember:

Data validation
- What's wrong in this code? (sample error code)
- Why is it wrong?
- Corrected code
- Remember:

Similar slides for events, URL encoding and the problem with plugins (3 more slides)
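As an added example (not from the proposal's slides), the kind of "sample error code" / "corrected code" pair the XSS, data validation and URL encoding slides describe, written as plain Node-runnable JavaScript so the encoding logic can be checked without a browser. The comment object, the helper names and the `#row-` selector mentioned in the comments are constructed for this illustration, not taken from the talk.

```javascript
// Added example, not from the talk's slides. A comment widget that renders
// untrusted data the way the "sample error code" slides describe, beside the
// corrected version. The comment object and helper names are constructed here.

// VULNERABLE: untrusted strings are concatenated straight into markup.
// In jQuery this is $('#comments').html(renderCommentUnsafe(c)); the attacker's
// <img onerror> runs, and the quote in the author name breaks out of the href.
function renderCommentUnsafe(c) {
  return '<div class="comment"><b>' + c.author + '</b>: ' + c.body +
         ' <a href="/user?name=' + c.author + '">profile</a></div>';
}

// CORRECTED: each value is encoded for the context it lands in.
// HTML text/attribute context: escape the five significant characters.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, ch => map[ch]);
}

// URL query context: percent-encode the parameter value. The finished URL is
// then HTML-escaped as well, because it is placed inside an attribute.
function profileUrl(author) {
  return '/user?name=' + encodeURIComponent(author);
}

function renderCommentSafe(c) {
  return '<div class="comment"><b>' + escapeHtml(c.author) + '</b>: ' +
         escapeHtml(c.body) + ' <a href="' + escapeHtml(profileUrl(c.author)) +
         '">profile</a></div>';
}
// In real jQuery code prefer building nodes over strings: $('<b>').text(c.author)
// sets a text node, never markup, so there is no escaping step to forget.

// DATA VALIDATION: an id that ends up in a selector such as $('#row-' + id) or
// in an AJAX URL is checked against an allow-list pattern, not "cleaned up".
// Returns the validated id, or null when the input is rejected.
function validateCommentId(raw) {
  return /^[0-9]{1,10}$/.test(String(raw)) ? String(raw) : null;
}

// Stand-alone demo with a constructed attacker-controlled comment.
const evilComment = {
  author: 'eve" onmouseover="alert(1)',
  body: '<img src=x onerror=alert(1)>'
};
console.log('unsafe:', renderCommentUnsafe(evilComment));
console.log('safe:  ', renderCommentSafe(evilComment));
console.log('id "42" ->', validateCommentId('42'),
            '; id "42 or 1=1" ->', validateCommentId('42 or 1=1'));
```

The unsafe version leaves the `<img ... onerror>` intact and lets the `"` in the author name close the `href` attribute and start a new one; the corrected version encodes the author name once for the URL and once more for the attribute, so the same input is displayed but never parsed as markup.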


JSHint
- What is it?
- How to use it (sample)
- Errors that it detects
- Errors that it does not find :)
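An added example (not the speaker's material) of what the JSHint slides contrast: with the `/* jshint ... */` directives below, JSHint reports the `eval`, the `==` and the `javascript:` URL, but it says nothing about the `.html()` sink, because it checks syntax and style rather than data flow. The function names and sample inputs are constructed for this illustration; the warning codes quoted in the comments are JSHint's own.

```javascript
/* jshint undef:true, eqeqeq:true, evil:false, scripturl:false,
          browser:true, jquery:true, devel:true */
// Added example, not from the talk. Run `jshint` over this file to see which
// functions it complains about. Names and inputs are constructed here.

// FLAGGED (W061 "eval can be harmful", because evil:false): using eval as a
// JSON parser executes whatever the server, or an attacker in the middle, sends.
function parseConfigUnsafe(text) {
  return eval('(' + text + ')');
}

// CORRECTED: JSON.parse accepts only JSON; anything executable is a SyntaxError.
function parseConfigSafe(text) {
  return JSON.parse(text);
}

// FLAGGED (W116 "Expected '===' and instead saw '=='", because eqeqeq:true):
// loose equality makes the string "1" pass a numeric role check.
function isAdminLoose(role) {
  return role == 1;
}
function isAdminStrict(role) {
  return role === 1;
}

// FLAGGED (W107 "Script URL", because scripturl:false): a javascript: URL is an
// inline event handler in disguise and cannot coexist with a CSP that forbids
// inline script. Not called in the demo below, since it needs a DOM.
function makeLinkInline(openDialog) {
  return $('<a>Open</a>').attr('href', 'javascript:' + openDialog.name + '()');
}
// CORRECTED: bind the handler with .on() instead of embedding code in markup.
function makeLinkBound(openDialog) {
  return $('<a href="#">Open</a>').on('click', function (e) {
    e.preventDefault();
    openDialog();
  });
}

// NOT FLAGGED: syntactically clean, but .html() with an untrusted argument is
// exactly the XSS from the earlier slides. JSHint has no notion of which values
// are attacker-controlled, so a DOM XSS scanner or code review has to cover it.
function showMessageUnflagged(selector, untrustedMessage) {
  $(selector).html(untrustedMessage);
}
// Safer: .text() creates a text node, so markup in the message is shown, not parsed.
function showMessageSafe(selector, untrustedMessage) {
  $(selector).text(untrustedMessage);
}

// Stand-alone demo of the parts that run without a DOM.
console.log('eval parser:', parseConfigUnsafe('{"debug":false}'));
console.log('JSON parser:', parseConfigSafe('{"debug":false}'));
console.log('loose "1":', isAdminLoose('1'), 'strict "1":', isAdminStrict('1'));
```

The point of the last pair is the one the outline's "errors that it does not find" slide makes: a linter improves code hygiene and catches `eval` and inline script URLs, but the most common jQuery vulnerability, an untrusted value flowing into `.html()`, `$()`, `.append()` or `.attr('href')`, is invisible to it.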

JSLint
- Usage
- Samples
- What it can't do

Where does it leave us? (summary)
- Highlight common good coding practices
- References


Learning Outcome

Write more secure web apps!

Target Audience

Programmers, web engineers, architects

Requirements

Video projector.

Submitted 2 years ago

Comments

  • Naresh Jain  ~  1 year ago

    Hi Uma, thank you for the proposal. I really like the topic. Can you please update the proposal with slides and/or video from any past presentation? That will help us understand your presentation style. Also if you can add any links to your blog or articles written by you on this topic, it will further strengthen the proposal. Thank you!

    • Umadevi Santhanam  ~  1 year ago

      Naresh,

      Most slides or presentations that I have done have been as a part of my previous organization, and I would not be able to share them, and for the last 1.5 years I have been super busy with my startup :)

      One publicly available video of mine is a keynote at Novell BrainShare 2011, and here is the link:

      https://www.youtube.com/watch?v=KHE-SZxhXkY


      I understand that you would need more public information, blogs and slides; since I have none that I can share, my LinkedIn profile along with its recommendations may help.

      Regards,

      Uma


      • Naresh Jain  ~  1 year ago

        Thanks for updating the details, Uma. This really helps to visualise what you plan to cover.

        Regarding the video: I did check the YouTube video, but that is not very useful. Is there any other video? Or would you be able to record a small 2-3 minute trailer video for your talk?

        Also, can you please create draft slides of your session and share a link with us?

        Thanks.

        • Naresh Jain  ~  1 year ago

          Any updates on this?

  • Kris Borchers  ~  1 year ago

    I really like this topic as well and would love to see some more info and talk details.


  • Liked: jQuery Plugins for Large Scale Responsive Web Design Projects
    Niranjan Janardhana  ~  1 year ago  ~  20 mins, Talk, Intermediate (Sold Out)

    Responsive Web Design (RWD) is an extremely simple design methodology, through media queries. In this talk, we share our experience of implementing RWD for a large-scale public-facing project, having 3000+ dynamic content pages.

    We will cover Device Neutral Design, the Challenges faced and how jQuery came to our rescue.


  • Liked: Fun with JavaScript and Arduino
    Anmol Agrawal  ~  1 year ago  ~  45 mins, Talk, Beginner (Sold Out)

    “Internet of things” is the concept of basically connecting any device with an on and off switch to the Internet.

    IoT has been possible through devices like Arduino, Raspberry Pi and many more. Initially, working with them started with C/C++. Now you can do the same with different languages like Python, Ruby, JavaScript and Go, and more languages are coming to this landscape. NodeJS, frameworks and npm have built an environment like no other. Just with the fundamental knowledge of JavaScript and reading through API docs, one can easily get started with IoT. That's what I will be showing.

    I would like to share my approach, the resources I learned from, etc., and show the things that are possible.

  • Liked: How I become a better Front End Developer by maintaining a daily jQuery plugins site
    Jay Kanakiya  ~  1 year ago  ~  20 mins, Talk, Beginner (Sold Out)

    Maintaining a jQuery plugins website is hard but equally rewarding. In this talk I am going to outline some of the initial difficulties I have faced and the corresponding learnings. jquer.in also played an important role in how I became a Front End Developer. Even now it plays a huge role in improving my writing skills, coding skills and contacts.

    Slides are available at http://jquer.in/jqueryconf/#/

  • Liked: Famo.us: A new kind of Web UI for the future
    Shyam Purkayastha  ~  1 year ago  ~  45 mins, Demonstration, Intermediate (Sold Out)

    Famo.us is a pure JavaScript UI framework which deviates from the traditional web development approach around declarative coding and brings in the ability to marry different visual elements under the HTML5 and Open Web umbrella (such as CSS3, Canvas, SVG and WebGL) to create absolutely stunning user interfaces. In this talk we are going to have a look at some of the capabilities of Famo.us by means of a few demonstrations. We will demonstrate a few web applications built with Famo.us, right from the basic apps, to the more engaging ones, all the way to the more advanced applications which can arguably thwart any traditional multimedia content consumption platform in favour of the web.

  • Liked: MV* - Practical Applications with CanJS
    Alexis Abril  ~  2 years ago  ~  90 mins, Tutorial, Intermediate (Sold Out)

    Structure of client-side applications is a debated topic. While there are many varied approaches, I will take you through concepts we use at Bitovi when building complex applications. Separation of concerns, thin server architecture, and how we structure our data layer are a few of the many topics we will touch on in this tutorial session.

  • Vamsi Krishna, Navin  ~  2 years ago  ~  60 mins, Case Study, Intermediate (Sold Out)

    Advances in JavaScript, HTML5, and the proliferation of related JavaScript libraries have laid the technological foundation for data visualization. This current and evolving technological landscape, with a wealth of data from innumerable sources, is offering a vast opportunity for web designers, developers and data analysts to be key players in transforming raw data into meaningful representations. This workshop demonstrates the power and flexibility of modern JavaScript and jQuery libraries to present you best-of-breed visualizations with a real-world use case.

  • Liked: Don't Make These jQuery Mistakes
    Dave Methvin  ~  2 years ago  ~  60 mins, Keynote, Intermediate (Sold Out)

    You can find solutions to thousands of jQuery problems on the Internet in blog posts, StackOverflow answers, or on GitHub. The problem is, many of those answers and code snippets are very obsolete! The web development world of 2006 that jQuery was born into is very different from the world of 2015, and jQuery has evolved to keep up. Yet there are still features inside of jQuery that only remain because of compatibility concerns, not because they're a good idea in modern web development.

    This talk will discuss features of jQuery that are best to avoid if you want a fast web site or HTML app that works with the widest range of browsers, even browsers that haven't yet been released! You'll also learn how using some of these features can make it very hard to follow modern practices such as Responsive Design. For each feature, you'll learn the modern 2015 way to do each of these tasks.

  • Scott González  ~  2 years ago  ~  45 mins, Keynote, Beginner (Sold Out)

    Over the past seven years, jQuery UI has identified and solved many common problems for web developers. Oftentimes, the problems don't apply just to users of jQuery UI, or even jQuery Core. In these cases, we try to solve the problem in the best way for the largest audience, rather than creating an isolated solution within jQuery UI. We're able to do this by working with the community and bringing together various groups to collaborate on solutions. In this talk, I'll discuss how this concept is at the heart of the jQuery Foundation and explain some of the projects that have been born out of jQuery UI.