June 30th, 2011
New York PHP Community
, in collaboration with OWASP
, is holding a monthly series that reviews each of the OWASP Top Ten Web Security
In the final inning of a shutout June, we welcome back Anthony Ferrara to share his insight and expertise on the ubiquitous vulnerability that is cross site scripting (XSS).
Cross Site Scripting (XSS) is currently listed as OWASP's #2 highest risk vulnerability affecting web applications today, yet most people simply don't understand why they need to be concerned, and even more don't know how to properly protect themselves against these common threats.
In this talk we will go over the core concepts of XSS - what it is, how it's exploited, and the severity of the problem. We will dissect a real-world web application to demonstrate finding - and exploiting - vulnerabilities. Finally, we will review how to both prevent and thwart the XSS risk in your code.
Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and a OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at blog.ircmaxell.com or on Twitter at @ircmaxell.