Talk Intermediate 11:00 - 11:30 August 09, 2024

jen-ozmen

Aaron Shim

Cross-site scripting (XSS) remains a top web vulnerability. Google has invested heavily in defenses, and in this talk, we'll share our blueprint for protecting your code. We'll discuss how we implemented runtime and compile-time protections across hundreds of products used by billions, highlighting technical lessons and best practices. We'll also glimpse into the future of anti-XSS defenses and explore how we can make the web safer for everyone.

jen-ozmen

Software Engineer at Google's Web Security Team

Jen Ozmen is a Software Engineer at Google, where she works on the Information Security Engineering team, focusing on defense-in-depth mechanisms against common web vulnerabilities. She is passionate about building secure and reliable software, and she is always looking for new ways to improve the security of Google's web ecosystem. She is an active member of the tech community and enjoys sharing her knowledge through presentations at conferences like LibertyJS and Frontrunners DC.


Aaron Shim

Senior Software Engineer @ Google

Aaron is a Senior Software Engineer at Google working on product security across all of Google's user facing webapps. Bridging the gap between security and development work, he has worked on product teams at both Google and Microsoft in the past, including Docs, GCP, and Visual Studio. He is extremely passionate about the developer experience and committed to empowering every dev to build the most secure and delightful products.