JSMVCOMFG - To sternly look at JavaScript MVC and Templating Frameworks
In the DOM, no one will hear you scream
Scriptless Attacks - Stealing the Pie without touching the Sill
The innerHTML Apocalypse
Locking the Throne Room - How ES5+ might change views on XSS and Client Side Security
Locking the Throneroom 2.0
Dev and Blind - Attacking the weakest Link in IT Security
HTML5 - The Good, the Bad, the Ugly
The Future of Web Attacks - CONFidence 2010
Generic Attack Detection - ph-Neutral 0x7d8
The Ultimate IDS Smackdown
JavaScript From Hell - CONFidence 2.0 2009
The Image that called me - Active Content Injection with SVG Files
ECMAScript 6 from an Attacker's Perspective - Breaking Frameworks, Sandboxes, and everything else
Copy & Pest - A case-study on the clipboard, blind trust and invisible cross-application XSS
An Abusive Relationship with AngularJS