Welcome to the full schedule of the OWASP AppSec Research EU 2014 conference days
Wednesday, June 25 • 11:00 - 11:50
Biting into the Forbidden Fruit. Lessons from Trusting JavaScript Crypto.


We all know JS crypto is flawed, right? Over the years, the security community has pointed out its multiple fundamental problems. Several arguments were made and "JavaScript cryptography is bound to fail" became a mantra. Of course, despite all this, JS crypto WAS used all over the place. Theory met practice - it was about time to dig into this!

In recent months, we tested various high-profile, in-the-wild crypto libraries, applications and systems. We saw code from home-grown cryptography to full-blown TLS or OpenPGP implementations. Hilarious bugs were spotted, protections were bypassed and systems were pwned. But was it really that different from what we all had already seen in OpenSSL, BouncyCastle or GnuPG? Can we actually fix all those bugs? Does it mean that JavaScript cryptography can be, pardon us saying, secure like any other?

Come and listen. During the talk vulns will be shown, authorities - questioned, myths - debunked, and browsers cursed upon. You'll see the full picture - from XSS, to man-in-the-middle, to PRNGs and timing side-channels, even snippets in C. No stone will be left unturned, nothing will be taken for granted. You'll be left with an updated, solid and heavily opinionated view of JavaScript cryptography.

Speakers

Krzysztof Kotowicz

Web security researcher specializing in JavaScript and HTML5 security. Author of multiple open-source pentesting tools, and recognized HTML5/UI redressing attack vectors. Speaker at international IT security conferences & meetings (Black Hat, BruCON, Hack In Paris, CONFidence, SecurityByte, HackPra, OWASP AppSec, Insomni'Hack). Recently joined Google as an Information Security Engineer.


Wednesday June 25, 2014 11:00 - 11:50
LAB026