February 22-24, 2023
Montreal, Canada

Rest in Peace, Cross-Site Scripting

Since almost 25 years, Cross-site scripting (XSS) is one of the most common risks for web application. Yet today, there are many ways to protect a web application from the attack: browser features, HTTP headers, and special APIs. This talk first discusses why XSS is dangerous at all and then covers countermeasures: Content Security Policy, Trusted Types API, and protection in SPA frameworks. After this talk, there's (almost) no excuse to get XSS.

View all 155 sessions

Christian Wenz

Arrabiata Solutions GmbH

Christian Wenz is an author, consultant and trainer focussing on web technologies and web application security. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, and is the lead author of the Zend PHP certification. His day job at Arrabiata Solutions includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right mix of web technologies.

Read More