OWASP AppSecUSA 2011: Ghosts of XSS past, present and future
Speaker: Jim Manico
This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, it will also discuss present-day defensive methodologies that are effective but place an undue burden on the developer.
We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks.
These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google Caja project and JSReg.
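As an added illustration of the burden shift the abstract describes (example code written for this page, not material from the talk or from any of the projects it names): a minimal template renderer that HTML-encodes every interpolated value by default, next to the manual approach where one forgotten encoding call leaves the page open. All function and type names are assumptions.

```python
import html
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Markup:
    """Explicit opt-out: wraps HTML the developer vouches for as already safe."""
    safe: str


def escape_html(value) -> str:
    """Encode a value for an HTML text or quoted-attribute context.

    Markup passes through untouched; everything else is escaped, including
    both quote characters so attribute values cannot be broken out of.
    """
    if isinstance(value, Markup):
        return value.safe
    return html.escape(str(value), quote=True)


def render_manual(template: str, **ctx) -> str:
    """Present-day style: str.format() does no encoding, so the developer
    must remember to call escape_html() on every value passed in."""
    return template.format(**ctx)


def render_auto(template: str, **ctx) -> str:
    """Auto-escaping style: the renderer encodes every {{ name }} placeholder,
    so a forgotten call cannot happen; only Markup bypasses the encoder."""
    def substitute(match: re.Match) -> str:
        name = match.group(1)
        if name not in ctx:
            raise KeyError(f"template references unknown variable {name!r}")
        return escape_html(ctx[name])
    return re.sub(r"\{\{\s*(\w+)\s*\}\}", substitute, template)


# Constructed sample of attacker-controlled input, e.g. a user profile field.
UNTRUSTED_NAME = "<script>alert(1)</script>"


def demo() -> dict:
    """Render the same fragment three ways with the untrusted value."""
    return {
        "manual_forgot_escape": render_manual("<p>Hello {name}</p>", name=UNTRUSTED_NAME),
        "manual_escaped": render_manual("<p>Hello {name}</p>", name=escape_html(UNTRUSTED_NAME)),
        "auto": render_auto("<p>Hello {{ name }}</p>", name=UNTRUSTED_NAME),
    }


if __name__ == "__main__":
    for label, out in demo().items():
        print(f"{label}: {out}")
```

Only the first rendering still contains a live `<script>` tag; the auto-escaping renderer produces the same safe output as the manually escaped call without relying on the developer to remember it.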
Categories: Disclosure & vulnerability / Vulnerability; Information security & security management / Information security