Presentation Title The Ghost of XSS Past, Present and Future – A Defensive Tale
Presentation Abstract
This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, we will also discuss present-day defensive methodologies that are effective but place an undue burden on the developer.
We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google Caja project and JSReg.
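As an added illustration of the "present" versus "future" contrast the abstract draws (this is example code written for this page, not material from the talk, from OWASP ESAPI, or from the OWASP Java Encoder), the block below puts a manual, per-context encoding approach beside a small auto-escaping tagged template. The encoder and template function names (encodeForHtml, encodeForJavaScript, html, SafeHtml) are assumptions chosen for the example; the input strings are constructed. Content Security Policy is a server-side header and is not shown here.

```javascript
// Added example, not from the talk. Contrasts two XSS defence styles:
//  "present": the developer must call the right encoder for every output
//             context (HTML body, attribute, JS string) and forgetting is XSS;
//  "future":  an auto-escaping template encodes every interpolated value by
//             default, so the safe path is the path of least effort.

// Encode for an HTML element body or a quoted HTML attribute value.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
                "'": '&#x27;', '/': '&#x2F;' };
  return String(s).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Encode for a JavaScript string literal: every non-alphanumeric character
// becomes \xHH (or \uHHHH above 0xFF), so quotes and "</script>" cannot break out.
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 256
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// "Present": manual contextual output encoding. Correct, but the developer
// has to pick the right encoder at every sink; the JS-literal sink below
// would be exploitable if encodeForHtml were used there instead.
function renderManual(name) {
  return '<div title="' + encodeForHtml(name) + '">' + encodeForHtml(name) + '</div>' +
         '<script>var n = "' + encodeForJavaScript(name) + '";</script>';
}

// "Future": an auto-escaping tagged template. Values are HTML-encoded unless
// explicitly wrapped as already-safe markup, so the default is safe and the
// exception (SafeHtml) is visible in code review.
class SafeHtml {
  constructor(value) { this.value = value; }
}

function html(strings, ...values) {
  let out = strings[0];
  values.forEach((v, i) => {
    out += (v instanceof SafeHtml ? v.value : encodeForHtml(v)) + strings[i + 1];
  });
  return new SafeHtml(out);
}

function renderAuto(name) {
  // No encoder call in sight: the template applies it for us.
  return html`<div title="${name}">${name}</div>`.value;
}

// Constructed sample payload, typical of what a tester would submit.
const PAYLOAD = '<img src=x onerror=alert(1)>';
console.log(renderManual(PAYLOAD));
console.log(renderAuto(PAYLOAD));
```

The tagged template only handles the HTML body/attribute context; a production auto-escaping template engine tracks the parser context (attribute, URL, script, style) and switches encoders accordingly, which is exactly the work the abstract wants moved off the developer.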
About Jim Manico
Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience. Jim is also the chair of the OWASP connections committee, one of the project managers of the OWASP ESAPI project, a participant and manager of the OWASP Cheatsheet series, the producer and host of the OWASP Podcast Series, the manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project. When not OWASP’ing, Jim lives on the island of Kauai with his lovely wife Tracey.