Check the online version, I often update my slides.

Talk detail

The name Cross-Site Scripting (XSS) was coined in January 2000 by a small group of Microsoft security engineers. Today, almost 17 years later, it's still widely used to attack web apps, users, and browsers. Let's go beyond alert(1) and let's see what else we can do to stop the attack. You'll fall in love with Content Security Policy (CSP) after seeing this talk, guaranteed*.

* Terms and Conditions may apply

Details on the event website

Date and event

November 26, 2016, Drupal IronCamp (talk duration 45 minutes)

Michal Špaček

Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

Public trainings

Come to my public trainings, everybody's welcome:

HTTPS for developers and admins
(December 8–9, 2020 )

PHP application security
(December 14–17, 2020 )