Wednesday, May 29 • 1:30pm - 2:00pm
Trusted Types: End-to-end injection safety at scale

18 years have passed since Cross-Site Scripting (XSS) became the single most common security problem in web applications. Since then, numerous efforts have been proposed to detect, fix or mitigate it, but these piecemeal efforts have not combined to make it easy to produce XSS-free code.

This talk explains how Google’s security team has achieved a high level of safety against XSS and related problems by integrating tools that make it easier for developers to produce secure software than vulnerable software, and that bound the portion of a code base that could contribute to a vulnerability.

We will show how this works in practice and end with advice on how to achieve the same results on widely used, open-source stacks, and on new browser mechanisms that will make it much easier to achieve high levels of security with a good developer experience.


Speakers
Krzysztof Kotowicz

Senior Software Engineer, Information Security Engineering team, Google
Krzysztof Kotowicz is a web security researcher specializing in discovery and exploitation of client-side vulnerabilities, and a software engineer in the Information Security Engineering team at Google. Speaker at various security conferences (ACM CCS 2017, Black Hat USA 2017, OWASP...
Mike Samuel

Software Engineer
Mike Samuel works on Google's technical infrastructure team improving libraries and programming languages to make it easier to produce secure & robust software. Mike has worked on JavaScript sandboxing, the Secure EcmaScript and other language committee proposals, making template languages...


Wednesday May 29, 2019 1:30pm - 2:00pm IDT
Hall C