Check the online version; I often update my slides.
They say that attackers need to be lucky just once and defenders need to be lucky always. I call bullfish. I mean, just look at a castle. Yeah, any castle. Not being lucky always is part of the design: moat, high walls, laser towers and Tesla coils. Let's build web apps the same way, and let's use XSS, the attack first described 20 years ago, to explain it. Because manually calling htmlspecialchars() is so 90s. We'll talk about templating engines, XSS Filters, Content Security Policy and more.
Date and event
January 14, 2019, PHP UserGroup Dresden Meetup I/2019 – CTF & Security (talk duration 45 minutes)