Name: Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail
Start: 2024-09-27T10:30:00-0700
End: 2024-09-27T11:15:00-0700

THE MUST ATTEND EVENT FOR CYBERSECURITY PROFESSIONALS

Friday September 27, 2024 10:30am - 11:15am PDT

Room: Grand Ballroom

When a web application needs to safely render the user’s input as HTML, e.g., to enable rich text formatting, sanitization would be the solution. Generally speaking, sanitizing user input should be done on the server side, right? Well, this is not so obvious for XSS mitigation. While sanitizing on the client side sounds counterintuitive at first, in this talk, we will explain not only why it makes sense for HTML but also why it is important to do so. This talk showcases common pitfalls of sanitizing HTML server-side and dives into multiple interesting real-world vulnerabilities.

Speakers

Yaniv Nizry

Vulnerability Researcher, SonarSource

Yaniv Nizry (@YNizry) is a Vulnerability Researcher at Sonar, where he leverages his expertise to identify and mitigate vulnerabilities in complex systems. Starting his way as a software engineer, he shifted his focus while serving in the IDF's 8200 unit, where he gained experience... Read More →

Friday September 27, 2024 10:30am - 11:15am PDT
Room: Grand Ballroom

Breakout: Breaker Track

Audience Beginner

OWASP 2024 Global AppSec San Francisco

Yaniv Nizry

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!