php meetup

Cross Site Scripting (XSS) and PHP Security

OWASP Top 10 Web Application Security Risks Monthly Series

June 30th, 2011

New York PHP Community, in collaboration with OWASP, is holding a monthly series that reviews each of the OWASP Top Ten Web Security threats.

In the final inning of a shutout June, we welcome back Anthony Ferrara to share his insight and expertise on the ubiquitous vulnerability that is cross site scripting (XSS).

Cross Site Scripting (XSS) is currently listed as OWASP's #2 highest risk vulnerability affecting web applications today, yet most people simply don't understand why they need to be concerned, and even more don't know how to properly protect themselves against these common threats.

In this talk we will go over the core concepts of XSS - what it is, how it's exploited, and the severity of the problem. We will dissect a real-world web application to demonstrate finding - and exploiting - vulnerabilities. Finally, we will review how to both prevent and thwart the XSS risk in your code.

Anthony Ferrara is a Senior Developer at NBC Universal, a Zend Certified Engineer and an OWASP member. He is a contributor to multiple Open Source projects as well as the community as a whole. He is also a former Core Team Member and Development Coordinator for the Joomla! project, as well as a former leader of its Security team. You can follow his blog at or on Twitter at @ircmaxell.

