Check the online version, I often update my slides.

Talk detail

They say that attackers need to be lucky just once and defenders need to be lucky always. I call bullfish. I mean just look at a castle. Yeah, any castle. Not being lucky always is part of the design: moat, high walls, laser towers and tesla coils. Let's build web apps the same way and let's explain it on XSS, the attack first described 20 years ago. Because manually calling htmlspecialchars() is so 90s. We'll talk about templating engines, XSS Filters, Content Security Policy and more.

Date and event

January 14, 2019, PHP UserGroup Dresden Meetup I/2019 – CTF & Security (talk duration 45 minutes)


Michal Špaček

Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

Public trainings

Come to my public trainings, everybody's welcome: