Is XSS Solveable (LayerOne 2009)

This is the video of the talk titled "Is XSS Solveable?" given at LayerOne 2009 by Don Ankney.

Talk Description: The presentation will begin by defining the scope of the problem – exactly what cross site scripting is, the risks that it poses, and how attackers use it to attack your customers. From there, we will spend some time defining what successful XSS mitigation code would look like including both input validation and output encoding. Finally, we will look at what it takes institutionally to implement a solid mitigation across your enterprise throughout the development lifecycle with an emphasis on how static code analysis tools can help verify that your code conforms to the XSS design requirements.

Speaker Bio: Don Ankney is a Security Advisor is Online Services Security and Compliance at Microsoft. Previously, he was an Analyst at the University of Washington where he was a coordinator of the web application security working group and has worked in the security access management group at Cingular Wireless.

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net