11/13/2024 - 14:15

Cross Site Scripting is a thing of the past, right?

Unfortunately, no — Cross-Site Scripting (XSS) remains one of the most dangerous attacks in frontend development with JavaScript. After a brief intro on the origin of XSS, Martina will provide more insights into current trends and advanced XSS attack techniques. The focus will be on newer defensive measures against XSS attacks, such as the Content-Security-Policy header. After this session rich in live demos, you should have a good overview of how to protect yourself effectively against XSS attacks with little effort. Because one thing is certain: Cross-Site Scripting is far from being a thing of the past.

Learning objectives

  • Defense mechanisms against XSS beyond typical sanitizing
  • Configuration with Content-Security-Policy
  • trusted-types

Level

Basic

Prior knowledge

Basic knowledge of JavaScript is expected.
Martina Kraus
Martina Kraus has been active in the world of web development from her early years and has over time developed into an expert in the field of web security. As a Senior Software Engineer, she focuses on integrating security best practices into all phases of software development. In her role as a Google Developer Expert (GDE), she also loves to spread knowledge about web security at national and international conferences, regularly organizes ngGirls events (free Angular workshops for women), and the local Google Developers Group in Karlsruhe. You can find Martina on LinkedIn and on X.