Next Meetup

OWASP OC August dinner mtg: Why are we still talking about Cross Site Scripting?
Speaker: Jim Manico, Founder of Manicode Security

Topic: Why are we still talking about Cross Site Scripting in 2018?

Abstract: Because it's painfully difficult to defend against XSS even to this day. This talk is a fundamental update to the 2011 AppSec USA talk "The Past Present and Future of XSS Defense". We'll address new defensive strategies such as modern JavaScript framework defense in Angular, React and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years, illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently. We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense and how HTTPOnly cookies are largely ineffective. This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.

Speaker Bio: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also the founder of Brakeman Security, Inc. and is an investor/advisor for Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the JavaOne rock-star speaker and Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP foundation where he helps build application security standards and other documentation.

Schedule:
6:00pm Food, Drinks & Networking
6:40pm Presentation (followed by Q&A)

A raffle will be held at the end of the meeting for OWASP swag and a free conference pass to the AppSec Cali 2019 conference. You must be present to win.

PeopleSpace

1691 Kettering St · Irvine, CA

What we're about

OWASP Orange County Chapter. The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

Support your Orange County Chapter: only $50 for the entire year!

Become an OWASP Member TODAY (https://www.owasp.org/index.php/Membership)
