filmov
tv
The Last XSS Defense Talk - Jim Manico - NDC Porto 2022
Показать описание
Why are we still talking about Cross Site Scripting in 2020? Because it is painfully difficult to defend against XSS even to this day.
In this talk we'll address new defensive strategies such as modern JavaScript framework defense in Angular, React, Vue and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently.
We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense, how HTTPOnly cookies are largely ineffective, and how Trusted Types is making your favorite frameworks more secure.
This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.
Check out more of our featured speakers and talks at
In this talk we'll address new defensive strategies such as modern JavaScript framework defense in Angular, React, Vue and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently.
We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense, how HTTPOnly cookies are largely ineffective, and how Trusted Types is making your favorite frameworks more secure.
This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.
Check out more of our featured speakers and talks at
The Last XSS Defense Talk - Jim Manico - NDC Porto 2022
The Last XSS Defense Talk: Why XSS Defense has radically changed in the past 7 years - Jim Manico
AppSecIL 2018 - Opening Keynote - The Last XSS Defense Talk, Jim Manico
XSS History and Conclusion - Jim Manico
XSS Defense - Jim Manico
Cross-Site Scripting (XSS) Explained And Demonstrated By A Pro Hacker!
NO MORE Stored XSS Flaws in Your NodeJS Apps
Advanced XSS - Robert Grosse - 2013-2-5
#HITB2012KUL D2T1 - Shreeraj Shah - XSS & CSRF Strike Back -- Powered by HTML5
DEF CON 21 - Kenneth Lee - How to use CSP to stop XSS
Trusted types & the end of DOM XSS - Krzysztof Kotowicz
Black Hat USA 2013 - The Web IS Vulnerable: XSS Defense on the BattleFront
Mastering Advanced XSS Attacks and How to Prevent Them
Cross Site Scripting XSS Explained by Anonymod the PRO Hacker
Cross-Site Scripting (XSS) Explained in 7 minutes
Live Code: Go(lang) Application Security - XSS and CSRF
Enough with XSS, let's talk about something else? - Karan Sharma
Hacking - Intro to Cross Site Scripting (XSS)
![[CSSconf.eu 2013] Mike](https://i.ytimg.com/vi/eb3suf4REyI/hqdefault.jpg)
[CSSconf.eu 2013] Mike West - XSS. (No, the _other_ 'S')
Stored XSS Definition and Prevention
Omar Minawi - Client-Side JavaScript from your nightmares: Multi-step XSS attacks and defenses
alert‘OAuth 2 0’; // The impact of XSS on OAuth 2 0 in SPAs
Mike West: Towards a post-XSS world. -- JSConf EU 2013
React XSS Attack Prevention in 1 Minutes
Комментарии