[Owasp-germany] Stammtisch Karlsruhe: "The Past Present and Future of XSS Defense (Revisited)" presented by Jim Manico

zai zai at z.ai
Mon Oct 29 17:24:40 UTC 2018

Hello everyone!

The upcoming OWASP Stammtisch in Karlsruhe will be different in many ways.
We're NOT meeting on a Monday this time, but on a Thursday! More precisely,
it will be November 8th at 19:00. It will also be held in English, so bring
your Babel fishes!
We'll have Hawaiian OWASP veteran Jim Manico presenting an updated version
of his talk "The Past Present and Future of XSS Defense".

Here's an abstract:
Why are we still talking about Cross Site Scripting in 2018?
Because it's painfully difficult to defend against XSS even to this day.

This talk is a fundamental update to the 2011 AppSec USA talk "The Past
Present and Future of XSS Defense".
We'll address new defensive strategies such as modern JavaScript framework
defense in Angular, React and other frameworks. We'll also look at how CSP
deployment has changed in the past 7 years illustrating the progressive use
of content security which supports CSP v1, v2 and v3 concurrently.
We will then look at advances in HTML sanitization on both the client and
server and focus on sanitizers and defensive libraries that have stood the
test of time in terms of maintenance and security. We'll also look at
interesting design topics such as how HTML injection is still critical even
in the face of rigorous XSS defense and how HTTPOnly cookies are largely
ineffective. This talk should help developers and security professionals
alike build a focused and modern strategy to defend against XSS in modern

After the talk, we'll head over to Kühler Krug for some refreshing beers,
delicious food and inspirational chats with the participants.
Please register either via Meetup or Doodle or email or phone or Signal or
Threema or in person with either me or Rolf.

Meetup: https://www.meetup.com/owasp-karlsruhe/events/255941298/
Doodle: https://doodle.com/poll/ixnn26y22hv6whqv
Email: The one I'm sending from ;-)

I should probably also mention that the location will be 1&1 Internet SE,
Ernst-Frey-Straße 10. If you're on time, we can let you in. If you're late,
please knock on the glass of the illuminated room in the ground floor, so
we'll open the door for you :-)

