Trusted Types & the end of DOM XSS — ZeroNights 2019

Trusted Types is a new approach to fighting DOM XSS: strings used in sensitive contexts are replaced with new types that an application can construct in a controlled way. In this talk, you will hear how Google is changing its codebase to be able to adopt Trusted Types.

Jakub Vrana

Jakub Vrana is a software engineer who works on security refactorings at Google. Jakub designs a provably safe API, converts all existing Google code to it and then bans the old unsafe pattern. Jakub works on enabling Trusted Types in Google products by finding and fixing blockers in them and their dependencies.

Krzysztof Kotowicz

Krzysztof Kotowicz is a web security researcher specialising in discovery and exploitation of client-side vulnerabilities, and a software engineer in the Information Security Engineering team at Google. He is a speaker at various security conferences (ACM CCS 2017, Black Hat USA 2017, OWASP AppSec EU 2017, Nullcon 2016, OWASP AppSec Europe 2013, Black Hat USA 2012), a member of the Google Vulnerability Reward Program panel, and the author of various web security attack techniques and security tools. Previously an avid fan of XSS, now he just wants to get rid of that security bug, once and for all.