Finding and Fixing DOM-based XSS - with Static Analysis by Frederik Braun | JSCAMP 2021
Cross-Site Scripting (XSS) consistently ranks highest in the list of the most prevalent security problems within web applications. In particular, DOM-based XSS poses one of the most severe issues facing Single Page Applications and Electron apps. In this talk we will examine the root causes of DOM-based XSS and provide fundamental insights into using static analysis to detect problematic code at scale. Furthermore, we will share practical tips that will ease adoption of these techniques when dealing with potential false positives or large codebases. We will conclude with an outlook on upcoming web standards that aim to help web developers tackle DOM-based XSS once and for all.