
Los Angeles/2011 Meetings/September 28


Topic: Deep XSS Defense

This talk will discuss the past methods used for XSS defense that were only partially effective. Learning from these lessons, we will also discuss present-day defensive methodologies that are effective but place an undue burden on the developer. We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks. These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google Caja project and JSReg.

Speaker: Jim Manico

Jim Manico has been an active member of OWASP since 2008.

Jim is the founder, producer and host of the OWASP Podcast Series. As of July 2011 there are 86 shows that have entailed Jim working over 500 hours. Jim is grateful to the many guests who have made the show a success.

Jim is also the chair of the OWASP Connections Committee, where he manages the OWASP Blog, Twitter feed and press communications for OWASP. He feels that these activities are directly in line with the OWASP core mission of spreading awareness.

He has also been a significant contributor and manager of the OWASP Cheatsheet Series. He has worked on the XSS, DOM XSS, SQL Injection, Cryptographic Storage, Forgot Password and other topics in this series.

Meeting Sponsor: PKWARE


More than 30,000 global corporations and 200 government agencies worldwide rely on PKWARE to help protect against security breaches, reduce the risk of non-compliance and safeguard sensitive data. The PKWARE Solution is the only complete system for reducing, securing, moving and storing data across the extended enterprise, both internally and externally, from mainframes to servers to desktops and into the cloud. PKWARE is the industry standard for portability, ensuring data security and cross-platform computing. The PKWARE Solution is used billions of times a day to manage risks associated with data security breaches while avoiding increased storage costs with data reduction of up to 95% and improving service delivery. PKWARE is a privately held company based in Milwaukee, WI with additional offices in New York, Ohio and the United Kingdom.