secappdev.org's video: XSS Defense - Jim Manico

This talk discusses the historical methods used for cross-site scripting (XSS) defense. Learning from these lessons, we discuss a variety of present day defensive methodologies that are effective, even though they can place an undue burden on the developer. We then finish with a discussion of future XSS defense mythologies that shift the burden of XSS defense from the developer to various frameworks and standards such as Content Security Policy. This lecture was delivered at SecAppDec 2015 in Leuven. Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He has a 18 year history building software as a developer and architect. Jim is a frequent speaker on secure software practices and is a member of the JavaOne rockstar speaker community. Jim is also a Global Board Member for the OWASP foundation where he helps drive the strategic vision for the organization. He is the author of Iron-Clad Java: Building Secure Web Applications from McGraw-Hill.