XSS is still one of the most prevalent vulnerabilities on the web. Since its discovery, quite a few countermeasures have been invented. During this workshop, you will learn techniques to combat XSS. I will introduce you to the concept of defense in depth, also known as the castle approach. We will take a look at various defense mechanisms step by step, examining their pros and cons as well as their limitations. The hands-on part of the workshop is organized into modules. First, we will try to prevent the XSS payload from reaching the browser intact. Second, we will take a look at what to do if our attempts in the first step fail. Lastly, we will discuss how to combine these practices to achieve true defense in depth. The hands-on part of the workshop requires git, Docker, a text editor and a modern browser.