Securing the DOM from the Bottom Up

Explore a comprehensive approach to securing web applications against Cross-Site Scripting (XSS) in this 31-minute conference talk from Amsterdam JSNation 2019. Delve into Google's security team's strategies for achieving high-level safety against XSS and related vulnerabilities. Learn how integrating tools can make it easier for developers to produce secure software rather than vulnerable code. Discover practical implementations and gain valuable advice on achieving similar results using widely-used, open-source stacks. Examine new browser mechanisms that enhance security while maintaining a positive developer experience. Understand how to bound the portion of a codebase that could contribute to vulnerabilities, ultimately creating more robust and secure web applications.

Securing the DOM from the Bottom Up - Krzysztof Kotowicz