It is better to look at the online version of the talk; the slides may have been updated or extended.

Talk details

They say that attackers need to be lucky just once and defenders need to be lucky always. I call bullfish. I mean just look at a castle. Yeah, any castle. Not being lucky always is part of the design: moat, high walls, laser towers and tesla coils. Let's build web apps the same way and let's explain it on XSS, the attack first described 20 years ago. Because manually calling htmlspecialchars() is so 90s. We'll talk about templating engines, XSS Filters, Content Security Policy and more.

Date and event

January 14, 2019, PHP UserGroup Dresden Meetup I/2019 – CTF & Security (talk length 45 minutes)