Overview
Syllabus
Intro
Software developers
Whos vulnerable
White Hat
Windows Exposure
Challenges to Secure Applications
Market Forces
Knowledge Gap
Constraints
Security maturity models
Crash tests
Software and security
Raise awareness and education
Prioritize
Top 10
Injection
Taxonomy
Types of XSS
Reflected Example
Context Matters
Injection Points
JavaScript
Crosssite scripting vulnerabilities
Twitter scripting vulnerabilities
Browser protection
Crosssite scripting
Takeaways
Injection Mitigation
Encoding
AntiXSS
Whitelisting
Unicode
Context
ModelController
Demo
Metasploit
Aurora
Screenshot
Takeaway