POSITIVE HACK DAYS



Waf.js: How to Protect Web Applications Using JavaScript

Authors: Denis Kolegov and Arseny Reutov

The speakers will demonstrate how client-side JavaScript injection may be used to detect and prevent various attacks, search for vulnerable client components, detect leakage of data about web app infrastructure, and find web bots and malicious tools. In addition, they will share their own injection detection methods that employ syntax analyzers without signatures or filtering regular expressions, and discuss the implementation of a client-side JS honeypot to capture SSRF, IDOR, command injection, and CSRF attacks.

Language: Russian

Denis Kolegov is a web application security researcher at Positive Technologies. He holds a PhD and is an associate professor in the Information Security and Cryptography Department at Tomsk State University. He has spoken at numerous security conferences, including ZeroNights, Positive Hack Days, SibeCrypt, and Codefest. For collaborative research on HTTP covert timing channels, he is listed in the Top 10 Web Hacking Techniques of 2014. Prior to joining Positive Technologies, Denis was a senior security engineer at F5 Networks.

Arseny Reutov is a web application security researcher at Positive Technologies. He has participated in various CTF contests and bug bounty programs and is acknowledged by Zend, Nokia, Yandex, Barracuda and others. He takes part in infosec conferences such as ZeroNights and CONFidence as a speaker and Positive Hack Days as an organizer. For collaborative research on brute-forcing PHPSESSID, he is listed in the Top 10 Web Hacking Techniques of 2012. He has been maintaining the web security blog raz0r.name since 2008.
