Loading…
AppSec Europe 2018 has ended
                                                                                    ***Content is subject to change.***
Thursday, July 5 • 1:30pm - 2:15pm
The Last XSS Defense Talk: Why XSS Defense has radically changed in the past 7 years LIMITED

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
Limited Capacity seats available

Why are we still talking about Cross Site Scripting in 2018? Because it's painfully difficult to defend against XSS even to this day. This talk is a fundamental update to the 2011 AppSec USA talk "The Past Present and Future of XSS Defense". We'll address new defensive strategies such as modern JavaScript framework defense in Angular, React and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently. We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense and how HTTPOnly cookies are largely ineffective. This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.


Speakers
avatar for Jim Manico

Jim Manico

Trainer, Manicode Security LLC
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is an a investor/advisor for Signal Sciences and BitDiscovery. Jim is also a frequent speaker on secure software practices, is a member of the JavaOne rockstar... Read More →


Thursday July 5, 2018 1:30pm - 2:15pm
Fleming - 3rd Floor QEII Centre Broad Sanctuary, Westminster, London. SW1P 3EE

Attendees (66)