web-application

Workshop - Holistic Info-Sec for Web Developers

Kiwicon hands-on threat modelling, attack and defence strategy training for Web Developers wishing to understand their attackers better, stay ahead of them and create cost effective defence strategies.

Node.js Asynchronicity and Callback Nesting

Redirects to legacy blog post. AKA callback hell, temple of doom, often the functions that are nested are anonymous and often they are implicit closures. When it comes to asynchronicity in JavaScript, callbacks are our bread and butter. In saying that, often the best way to use them is by abstracting them behind more elegant APIs.

Exploring JavaScript Closures

Redirects to legacy blog post. Now establishing the formal definition has been quite an interesting journey, with quite a few sources not quite getting it right. Although the ES3 spec talks about closure, there is no formal definition of what it actually is. The ES5 spec on the other hand does discuss what closure is in two distinct locations.

Workshop - Writing an Ember.JS Application

At CHC.js Kim will demonstrate write a blogging platform in JavaScript using Ember.js. The application had the functionality to display, edit and navigate blog posts written in markdown in about 35 lines of JavaScript on top of the handlebars templates.

Talk - What's Our Software Doing With All That User Input

At OWASP NZ Day: What are we doing with all the characters that get shoved into our applications? Have we considered every potential execution context?

Workshop - Security Testing with Kim Carter

At ANZTB: Hands-on insight into security testing. Kim will discuss some of the more common security vulnerabilities being found in today’s software implementations, and will demonstrate ways of testing them.

Sanitising User Input from Browser part 2

Redirects to legacy blog post. Untrusted data (data entered by a user), should always be treated as though it contains attack code. This data should not be sent anywhere without taking the necessary steps to detect and neutralise the malicious code.

Sanitising User Input from Browser part 1

Redirects to legacy blog post. I was working on a web based project recently where there was no security thought about when designing, developing it. The following outlines my experience with retrofitting security. It’s my hope that someone will find it useful for their own implementation.