Melbourne Identity and Security Meetup: Vulnerabilities with Emoji; Banishing Uninvited Javascript

Melbourne Identity and Security Meetup: Vulnerabilities with Emoji; Banishing Uninvited Javascript

Share This Content
The Melbourne Identity and Security Meetup is an informal evening open to all. We value diversity and operate a strict code of conduct, for the comfort of all our members.

# Expressive Security: Vulnerabilities with Emoji -- Katie McLaughlin

Emoji are an interesting beast. Once an obscure part of the Unicode standard, they now saturate our systems to a degree that there are some... interesting side effects. Follow along as we discover how some systems do not like emoji, which systems can handle the odd non-standard character, and if we can find any security vulnerabilities only using the humble smiley-face. By the end of this talk, you will appreciate how complex human expression is, and why ensuring unicode compatibility will help your systems.

Katie (@glasnt) has worn many different hats over the years. She has been a software developer for many languages, systems administrator for multiple operating systems, and speaker on many different topics.
When she’s not changing the world, she enjoys cooking, making tapestries, and seeing just how well various application stacks handle emoji.

# Vampires in the Browser: banishing uninvited Javascript from your web app -- Lilly Ryan

Legend has it that a vampire cannot enter a home unless they are invited to do so.

Much like vampires, Javascript cannot generally enter your web application unless it is invited in. Also like vampires, there are many sneaky ways that you may find yourself with someone else's Javascript inside your app without realising you've allowed it to be there. What happens next may be a bloodsucking nightmare or an eternal, sparkly romance, but whatever the outcome it's always better to know how to protect your spaces against intruders.

This session is here to help you solve this problem. Join us for a look at the ways that even the best-intentioned developer may leave loopholes for unwanted, third-party Javascript to creep into their apps, what that code can do when it gets there, and the configurations you can deploy to prevent this from happening.

Lilly Ryan is a digital security consultant and public speaker who serves on the board of Digital Rights Watch. Lilly specialises in web application security, privacy education, and the history of technology-related issues. You can catch her talking security on the OWASP DevSlop Show or occasionally having opinions on 3RRR.