Difference between revisions of "Netherlands Previous Events 2011"

From OWASP
Line 1: Line 1:
 
Chapter Meeting May 19th 2011  
 
Chapter Meeting May 19th 2011  
  
Sogeti Nederland B.V. Wildenborch 3, 1112 XB Dieme
+
Sogeti Nederland B.V. Wildenborch 3, 1112 XB Diemen
  
Speaker:
+
Speaker:  
  
 
Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience.  
 
Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience.  
Line 11: Line 11:
 
When not OWASP'ing, Jim lives on of island of Kauai with his lovely wife Tracey.  
 
When not OWASP'ing, Jim lives on of island of Kauai with his lovely wife Tracey.  
  
 
+
<br>
  
 
Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale.  
 
Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale.  
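Review bot: The unchanged context line in this hunk, "When not OWASP'ing, Jim lives on of island of Kauai", still carries a typo: "on of island" should read "on the island". It could be corrected in the same revision that fixes the "Dieme" to "Diemen" spelling in the venue address.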

Revision as of 17:06, 23 June 2011

Chapter Meeting May 19th 2011

Sogeti Nederland B.V. Wildenborch 3, 1112 XB Diemen

Speaker:

Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience.

Jim is also the chair of the OWASP connections committee, one of the project managers of the OWASP ESAPI project, a participant and manager of the OWASP Cheatsheet series, the producer and host of the OWASP Podcast Series, the manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project.

When not OWASP'ing, Jim lives on the island of Kauai with his lovely wife Tracey.


Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale.

Description: This talk will discuss the past methods used for XSS defense that were only partially effective.

Learning from these lessons, we will also discuss present-day defensive methodologies that are effective but place an undue burden on the developer.

We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks.

These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.