Skip to content

OWASP Meeting with Jim Manico

Photo of Wojciech Dworakowski
Hosted By
Wojciech D. and 2 others
OWASP Meeting with Jim Manico

Details

Dear OWASPers,
This time we have prepared something very special. We seize the opportunity that Jim Manico - one of the most charismatic infosec speakers and OWASP leader - will be visiting our city and we've asked him to have a lecture at our meeting.

Meetup will be hosted by Ocado Technology.

Agenda:

  1. Jim Manico - The Last XSS Defense Talk

Why are we still talking about Cross Site Scripting in 2018? Because it's painfully difficult to defend against XSS even to this day. This talk is a fundamental update to the 2011 AppSec USA talk "The Past Present and Future of XSS Defense". We'll address new defensive strategies such as modern JavaScript framework defense in Angular, React and other frameworks. We'll also look at how CSP deployment has changed in the past 7 years illustrating the progressive use of content security which supports CSP v1, v2 and v3 concurrently. We will then look at advances in HTML sanitization on both the client and server and focus on sanitizers and defensive libraries that have stood the test of time in terms of maintenance and security. We'll also look at interesting design topics such as how HTML injection is still critical even in the face of rigorous XSS defense and how HTTPOnly cookies are largely ineffective. This talk should help developers and security professionals alike build a focused and modern strategy to defend against XSS in modern applications.\

Bio: Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Signal Sciences and BitDiscovery. Jim is also a frequent speaker on secure software practices, is a member of the JavaOne rockstar speaker and Java Champion community and is the author of "Iron-Clad Java: Building Secure Web Applications" from McGraw-Hill and Oracle Press. Jim also volunteers for the OWASP foundation where he helps build application security standards and other documentation.

  1. Q&A and discussion

===============
How to find us:

Ocado Technology (building "High5ive Two") - second building when you are going from Pawia street.

Ocado representative will be waiting near reception and she will let you in.

In case of any problems please call Kinga Grudzień (+48 534 103 565) or
Valentyna Martyniuk (+48 570 045 866)

Events in Kraków, PL
Photo of OWASP Poland group
OWASP Poland
See more events
OWASP Poland
Photo of OWASP Poland group
Ocado - High5ive ul. Pawia 9
Pawia 9 · Kraków
Photo of OWASP Poland group
OWASP Poland
public group