XSS Mitigation - The State of the Art

Security BSides San Francisco via YouTube Direct link

Section 9 of 19: The future of browser defenses

Classroom Contents

  1. Intro
  2. Main XSS variants
  3. Web security model: Same Origin Policy, 1995
  4. Juicy targets: Electron apps
  5. Most common bypasses
  6. Disable JavaScript
  7. Trusted Types
  8. Cookies security
  9. The future of browser defenses
  10. Server Side Rendering options
  11. Auto Content Security Policy for Server Side Rendering
  12. Templating engines-level mitigations
  13. Static Application Security Testing (SAST)
  14. Existing standards mitigations overview (aka security headers soup)
  15. The future of server side mitigations
  16. Battlecards: XSS threat model
  17. Frameworks and associated risks
  18. Supply chain security: XSS-specific risks. Remote dependencies can be tampered with
  19. XSS defense in depth
