Compromising Web Applications with Style && Chrome DevTools

This is a past event

49 people went

Platform

New Station Street · Leeds, LS1 4JB

How to find us

Head outside of the train station entrance, where you'll see M&S. As you come out of the station, Platform entrance is on your right. Let the receptionist guide you to our space!

What we'll do

Leeds Frontend welcome all to this free event. Come along for a good time, listen to some interesting talks and mingle with fellow like-minded people over some food.

Talk 1 - Compromising Web Applications with Style - Gavin Watson
Technical Director - Pentest People

The concept of injecting seemingly harmless CSS code into a vulnerable application to exfiltrate sensitive data is not new. The various methods of exploitation have been covered in articles dating back many years. However, the vulnerability continues to be identified in modern-day applications, and the dedicated compensatory controls continue to be lacking in even the most security-focused solutions.

If an application is identified as vulnerable, then an attacker can potentially extract information from restricted, session-controlled web pages, including data such as CSRF tokens and pre-populated passwords. In some applications, a compromise of the CSRF security controls can result in unauthorised use of functionality such as changing user passwords.

This presentation aims to introduce the audience to all aspects of CSS injection, including what makes an application vulnerable from a code perspective, how an attacker would perform attacks to exfiltrate data, and how application developers can mitigate the risk of introducing such a vulnerability in their code.

Talk 2 - Chrome DevTools: Inside Out
Senior Software Engineer - Katie Fenn

Chrome DevTools: a suite of tools to debug and profile the performance of your site. They’re bundled with every copy of Chrome, and you have every reason to learn what they’re capable of.

Starting with the basics of inspecting HTML and CSS, we will then tour debugging scripts line-by-line and profiling performance. We’ll also find out the features that help you automate work and save time. If you’ve always wanted to know how to debug CSS and JavaScript, this talk will help you demystify your code and not make things worse by guessin’.

18:30 – Turn up, do some networking
19:00 – Compromising Web Applications with Style - Gavin Watson
19:20 – Job pitches (from anyone!)
19:25 – Break for food and networking
19:40 – Chrome DevTools: Inside Out - Katie Fenn
20:10 – Off to the pub!

More info about our sponsors, coming soon!
//Transition Partners
Transition Partners specialise in IT, Business Transformation & Digital recruitment. They are a Leeds-based consultancy who are open, honest and transparent. The team are enthusiastic, passionate “people” people who have candidates' best interests at heart. For more info head to Transition-Partners.co.uk

//Stars Group/Sky Bet
//Ayup Digital
//Co>Space North