Cross-Site Scripting: Why It Persists, and What To Do

Presented by

Jim Manico, founder of Manicode Security, and Oliver Lavery, VP of Research at IMMUNIO

About this talk

In this webinar, Jim Manico and Oliver Lavery address how application security is approached today, and how it can be improved, using the common vulnerability Cross-Site Scripting (XSS) as an example. Today, application security is often left to developers, with the idea that they will simply write perfect code that follows compliance regulations and has perfect functionality, and that there will therefore be no security vulnerabilities or issues. Unfortunately, not only is this idea resource intensive and expensive, it is impossible. There will be errors in the code. XSS, for example, is a known vulnerability, but it still afflicts 80% of web apps.

Jim explains what an XSS attack is, how it is carried out, and its potential effects. Oliver Lavery will contend that there is a way for applications to secure themselves from vulnerabilities such as XSS by leveraging the commonality of applications: the frameworks they are built on. Building security measures into the framework at the application layer allows for internal access to the state of the app and requires no code changes or resources. He will then demonstrate an HTML XSS attack to show that securing apps via their frameworks allows you to automate the process of learning proper code structure, in order to determine whether a change in that structure in future renderings is an attack that can be blocked.

You will learn:

- What Cross-Site Scripting (XSS) is
- How XSS attacks are executed, and what the ramifications are
- How your app can defend itself from an XSS attack
- How building security measures into an app's framework can mitigate code vulnerabilities
- How to secure your app without changing your code or deadline

IMMUNIO provides automatic detection and protection against application security vulnerabilities through real-time application self-protection (RASP). IMMUNIO augments applications with the necessary protection services and hardens applications against common attacks targeting typical security weaknesses. This channel highlights a transformative approach to make truly effective real-time web protection technology easily available and widely deployed, and by doing so, stop the biggest source of breached data records.