Difference between revisions of "Netherlands Previous Events 2011"
Line 1: | Line 1: | ||
− | Chapter Meeting May 19th 2011 | + | Chapter Meeting May 19th 2011 |
+ | |||
+ | Sogeti Nederland B.V. Wildenborch 3, 1112 XB Dieme | ||
+ | |||
+ | Speaker: | ||
+ | |||
+ | Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience. | ||
− | |||
− | |||
− | |||
Jim is also the chair of the OWASP connections committee, one of the project managers of the OWASP ESAPI project, a participant and manager of the OWASP Cheatsheet series, the producer and host of the OWASP Podcast Series, the manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project. | Jim is also the chair of the OWASP connections committee, one of the project managers of the OWASP ESAPI project, a participant and manager of the OWASP Cheatsheet series, the producer and host of the OWASP Podcast Series, the manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project. | ||
− | |||
− | Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale. | + | When not OWASP'ing, Jim lives on of island of Kauai with his lovely wife Tracey. |
+ | |||
+ | |||
+ | |||
+ | Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale. | ||
+ | |||
Description: This talk will discuss the past methods used for XSS defense that were only partially effective. | Description: This talk will discuss the past methods used for XSS defense that were only partially effective. | ||
+ | |||
Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. | Learning from these lessons, will will also discuss present day defensive methodologies that are effective, but place an undue burden on the developer. | ||
+ | |||
We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. | We will then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks. | ||
+ | |||
These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg | These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and Javascript sandboxes such as the Google CAJA project and JSReg |
Revision as of 22:06, 23 June 2011
Chapter Meeting May 19th 2011
Sogeti Nederland B.V. Wildenborch 3, 1112 XB Diemen
Speaker:
Jim Manico is a managing partner of Infrared Security with over 15 years of professional web development experience.
Jim is also the chair of the OWASP connections committee, one of the project managers of the OWASP ESAPI project, a participant and manager of the OWASP Cheatsheet series, the producer and host of the OWASP Podcast Series, the manager of the OWASP Java HTML Sanitizer project and the manager of the OWASP Java Encoder project.
When not OWASP'ing, Jim lives on the island of Kauai with his lovely wife Tracey.
Abstract Title: The Ghost of XSS Past, Present and Future. A Defensive Tale.
Description: This talk will discuss the past methods used for XSS defense that were only partially effective.
Learning from these lessons, we will also discuss present-day defensive methodologies that are effective but place an undue burden on the developer.
We will then finish with a discussion of future XSS defense methodologies that shift the burden of XSS defense from the developer to various frameworks.
These include auto-escaping template technologies, browser-based defenses such as Content Security Policy, and JavaScript sandboxes such as the Google CAJA project and JSReg.