YoVDO

Modern XSS Defense Strategies - Frameworks, CSP, and Sanitization

Offered By: OWASP Foundation via YouTube

Tags

Web Security Courses, React Courses, Angular Courses, Application Security Courses, Defensive Programming Courses, Content Security Policy Courses

Course Description

Overview

Explore the evolving landscape of Cross-Site Scripting (XSS) defense in this 41-minute conference talk from OWASP AppSec EU 2018. Delve into modern defensive strategies, including JavaScript framework defenses in Angular and React, and examine the progression of Content Security Policy (CSP) deployment across versions 1, 2, and 3. Learn about advancements in HTML sanitization techniques for both client-side and server-side applications, focusing on robust sanitizers and defensive libraries. Investigate critical design considerations, such as the ongoing importance of HTML injection prevention and the limitations of HttpOnly cookies. Gain valuable insights to develop a focused, up-to-date strategy for defending against XSS in contemporary applications, beneficial for both developers and security professionals.

Syllabus

The Last XSS Defense Talk: Why XSS Defense has radically changed in the past 7 years - Jim Manico


Taught by

OWASP Foundation

Related Courses

Configuring Security Headers in ASP.NET and ASP.NET Core Applications (Pluralsight)
Modern Browser Security Reports (Pluralsight)
PHP Web Application Security (Pluralsight)
Magento 2 Quick Tips (YouTube)
OWASP Top 10: #7 XSS and #8 Insecure Deserialization (LinkedIn Learning)