XSS-Proof

Companies have focused for years to solidify the back-end infrastructure in defense against hacking attempts. Most companies however are forced to open up many ports including port 80 (http) for users to access web applications among other resources. This has lead to web attacks growing to be the #1 classification of hacker attacks today. In this space Cross Site Scripting (XSS) is the #1 ranked vulnerability affecting a large number of sites. This evolution requires that the understanding of securing an application move beyond sys admins and incorporate all aspects of system delivery for the protection of a system and system resources.

This session will detail what XSS is, including a large number of vectors of attack. We will review information from several OWASP development guides, along with code review tips when focused on XSS. An enabling aspect of XSS is AJAX and in particular JavaScript, for which we will focus on techniques and frameworks to help secure the DOM. Attendees will learn the techniques necessary to help XSS-Proof their web applications.

About Ken Sipe

Ken is a distributed application engineer. Ken has worked with Fortune 500 companies to small startups in the roles of developer, designer, application architect and enterprise architect. Ken's current focus is on containers, container orchestration, high scale micro-service design and continuous delivery systems.

Ken is an international speaker on the subject of software engineering speaking at conferences such as JavaOne, JavaZone, Great Indian Developer Summit (GIDS), and The Strange Loop. He is a regular speaker with NFJS where he is best known for his architecture and security hacking talks. In 2009, Ken was honored by being awarded the JavaOne Rockstar Award at JavaOne in SF, California and the JavaZone Rockstar Award at JavaZone in Oslo, Norway as the top ranked speaker.

More About Ken »