Posted By: SecurityTube_Bot
Posted On: Mon 21 Feb 2011
Views: 2749
Description: This is the video of the talk titled "Is XSS Solveable?" given at LayerOne 2009 by Don Ankney.
Talk Description: The presentation will begin by defining the scope of the problem – exactly what cross-site scripting is, the risks that it poses, and how attackers use it to attack your customers. From there, we will spend some time defining what successful XSS mitigation code would look like, including both input validation and output encoding. Finally, we will look at what it takes institutionally to implement a solid mitigation across your enterprise throughout the development lifecycle, with an emphasis on how static code analysis tools can help verify that your code conforms to the XSS design requirements.
Speaker Bio: Don Ankney is a Security Advisor in Online Services Security and Compliance at Microsoft. Previously, he was an Analyst at the University of Washington, where he was a coordinator of the web application security working group, and he has worked in the security access management group at Cingular Wireless.