The Last XSS Defense Talk

Explore the latest defensive strategies against Cross-Site Scripting (XSS) in this comprehensive conference talk from NDC Porto 2022. Delve into modern JavaScript framework defenses for Angular, React, and Vue, and examine the evolution of Content Security Policy (CSP) deployment over the past seven years. Learn about advances in HTML sanitization techniques for both client and server-side applications, focusing on battle-tested sanitizers and defensive libraries. Investigate critical design topics, including the ongoing importance of HTML injection protection, the limitations of HTTPOnly cookies, and the role of Trusted Types in enhancing framework security. Gain valuable insights to help developers and security professionals build a focused, modern strategy for defending against XSS in contemporary applications.

The Last XSS Defense Talk - Jim Manico - NDC Porto 2022