Explore the latest defensive strategies against Cross-Site Scripting (XSS) in this comprehensive conference talk from NDC Porto 2022. Delve into modern JavaScript framework defenses for Angular, React, and Vue, and examine the evolution of Content Security Policy (CSP) deployment over the past seven years. Learn about advances in HTML sanitization techniques for both client and server-side applications, focusing on battle-tested sanitizers and defensive libraries. Investigate critical design topics, including the ongoing importance of HTML injection protection, the limitations of HTTPOnly cookies, and the role of Trusted Types in enhancing framework security. Gain valuable insights to help developers and security professionals build a focused, modern strategy for defending against XSS in contemporary applications.
Overview
Syllabus
The Last XSS Defense Talk - Jim Manico - NDC Porto 2022
Taught by
NDC Conferences
Related Courses
-
Modern XSS Defense Strategies - Frameworks, CSP, and Sanitization
-
Fixing XSS with Content Security Policy
-
Enhancing ReactJS Application Security: Cross-Site Scripting and Client-Side Defense
-
Don't Trust the DOM - Bypassing XSS Mitigations via Script Gadgets
-
Towards a Post-XSS World
-
XSS Mitigation - The State of the Art
