
XSS: Don't die of ignorance


Robin Minto


Robin is a developer/technical architect working for ByBox, a supply chain technology company in the UK.

He’s passionate about dev, ops, continuous improvement and all things security.

Other passions include snowboarding, cycling and gin (but not together). He blogs at robinminto.com.

Brief Overview


Cross-site scripting vulnerabilities are bad news. We'll demonstrate these attacks (with Clippy!) and look at how to protect against them.

Description


You wouldn't allow any Tom, Dick or Harry to add code to your application, but cross-site scripting (XSS) vulnerabilities allow exactly that.

This session aims to prevent these issues from keeping you awake at night. We'll look at the mechanics of XSS, how protections can be bypassed and how defence in depth is your friend. We'll demonstrate XSS in action using the Browser Exploitation Framework Project to illustrate the power of this attack. Examples are in C# and React.js; lessons will be useful to any web developer.

We’ll learn how to protect ourselves from XSS so we can all get a better night’s sleep.