Loews Portofino Hotel @ Universal Orlando
5601 Universal Boulevard
Orlando, FL 32819
Map »

Download PDF

XSS-Proof

Companies have focused for years to solidify the back-end infrastructure in defense against hacking attempts. Most companies however are forced to open up many ports including port 80 (http) for users to access web applications among other resources. This has lead to web attacks growing to be the #1 classification of hacker attacks today. In this space Cross Site Scripting (XSS) is the #1 ranked vulnerability affecting a large number of sites. This evolution requires that the understanding of securing an application move beyond sys admins and incorporate all aspects of system delivery for the protection of a system and system resources.

This session will detail what XSS is, including a large number of vectors of attack. We will review information from several OWASP development guides, along with code review tips when focused on XSS. An enabling aspect of XSS is AJAX and in particular JavaScript, for which we will focus on techniques and frameworks to help secure the DOM. Attendees will learn the techniques necessary to help XSS-Proof their web applications.

About Ken Sipe

Ken Sipe is a Technology Director with Perficient, Inc. (PRFT), IBM's largest service partner, where he leads multiple teams in the development of solutions in the SOA, Web 2.0 and portal domains, on both the Java and .Net platforms.

Ken was the founder of CodeMentor, where he was the Chief Architect and Mentor, leading clients in the execution of RUP and Agile methodologies in the delivery of software solutions.
Ken has a deep need to be highly diversified. Ken often works with IT executives on high-level strategic roadmaps, currently geared around service oriented architectures (SOA). Ken also likes to keep his hands "dirty" in the code, which has him on a regular basis, pairing or otherwise producing code. Ken is regularly requested by clients that know him to "rescue" projects, either through the streamlining of processes or the rapid production of code.

More About Ken »

Featured Sessions

CSS for Developers

by Molly Holzschlag
While CSS might be the Web's Lingua Franca of presentation and design, it's the Front End Developer who finds that he or she has to optimize CSS docum

HTML5 Killed XHTML2 (and the Mysterious Future of Markup)

by Molly Holzschlag
It's late 2009. A deep silence runs through the hallowed halls of the W3C. I slip into a stairwell and watch through the window as the well-formed cor

Web Standards for Web Applications: Half Day Seminar

by Molly Holzschlag
For many years the web standards movement focused its energies on best practices for web sites. Few of us, if any, could have foreseen the rapid emerg

Designing for Interesting Moments

by Bill Scott
Did you know that there are at least 16 different moments of interaction during drag and drop? And that there are at least a half-dozen elements on th

Web 2.0 Checklist: Deconstructing Modern Websites

by Scott Davis
"The challenge of modernity is to live without illusions and without becoming disillusioned." (Antonio Gramsci) There are plenty of sarcastic "Web 2.

GWT fu, Part 2

by David Geary
Learn to do amazing stuff with GWT.

An Introduction to MooTools 2.0

by Aaron Newton
MooTools is a fully featured JavaScript Development Framework. This session is a high-level introduction for users who are curious about the framework

Programming to Patterns

by Aaron Newton and Dylan Schiemann
The JavaScript frameworks make it increasingly easy to write highly expressive and concise functionality that enhances an HTML component, but the powe

Building SOFEA Applications with Grails and GWT

by Matt Raible
In early 2009, Matt participated in a major enhancement of a high-traffic well-known internet site. The company wanted to quickly re-architect their s

The Present and Future of Web App Design

by Torrey Rice
The sudden rise of Ajax kicked off the Web 2.0 revolution, catching a lot of people by surprise and leaving companies scrambling to catch up. Designer

Large-Scale Ajax Application Architectures

by Dylan Schiemann
When your web application goes beyond the simple inclusion of a few lines of script and becomes a full-fledged application, there are a variety of str

Featured Speakers

Aaron Newton

Contributor - MooTools JavaScript Framework

Aaron Newton is a product manager, developer, interface designer, and writer. He is a contributor to the MooTools Javascript framework - where he writes code, the documentation, free online tutorials and the first Mootools book published by Apress. His experience includes founding music startup, Epitonic.com, launching CNET's Download.com Music, and several years product managing application development for various p.. More »

Torrey Rice

Director of User Experience @ Sitepen

As Director of User Experience and the first employee of SitePen, Torrey oversees all UI and visual design and has been at the core of SitePen's success since the beginning. Self-taught, Torrey has a keen understanding of both development and interaction design. His ability to assess and design for technical limitations makes him an invaluable asset to the SitePen team. Torrey's previous stints include work with Renk.. More »

Molly Holzschlag

Web Standards Evangelist

Having achieved a modicum of balance after her midlife crisis, Molly decided to finally get a job. She is now a Web Evangelist focusing on developer relations for the upstart Norwegian browser company, Opera Software. Earlier in life, Molly avoided a regular job including those silly start-up ventures and chose instead to write a lot of books and articles and stuff on Web standards, and talk a lot about them, too.. More »

Matt Raible

Sr. UI Architect and Creator of AppFuse

Matt Raible has been building web applications for most of his adult life. He started tinkering with the web before Netscape 1.0 was even released. For the last 13 years, Matt has helped companies adopt open source technologies (Spring, Hibernate, Apache, Struts, Tapestry, Grails) and use them effectively. Matt has been a speaker at many conferences worldwide, including ApacheCon, JavaZone, Colorado .. More »

Shashank Tiwari

Managing Partner & CTO at Treasury of Ideas

Shashank Tiwari is a Managing Partner & CTO at Treasury of Ideas(http://www.treasuryofideas.com), a technology driven innovation and value optimization company. As an experienced software developer and architect, he is adept in a multitude of technologies. He is an internationally recognized speaker, author and mentor. As an expert group member on a number of JCP (Java Community Process) specifications he has been ac.. More »

Blogs

Location

Loews Portofino Hotel @ Universal Orlando
5601 Universal Boulevard
Orlando, FL 32819
View Map

Stay Informed

Not ready to register yet? Enter your email here to receive update notifications about this event.

Name:
Email: