Securing the DOM from the Bottom Up - Krzysztof Kotowicz

Talk recording from Amsterdam JSNation 2019 Conference: https://jsnation.com

18 years have passed since Cross-Site Scripting (XSS) became the single most common security problem in web applications. Since then, numerous efforts have been proposed to detect, fix or mitigate it, but these piecemeal efforts have not combined to make it easy to produce XSS-free code. This talk explains how Google's security team has achieved a high level of safety against XSS and related problems by integrating tools to make it easier for developers to produce secure software than vulnerable software, and to bound the portion of a codebase that could contribute to a vulnerability. We will show how this works in practice and end with advice on how to achieve the same results on widely-used, open-source stacks and new browser mechanisms that will make it much easier to achieve high levels of security with good developer experience.

June 5, 2019