This talk is in Russian, but the English subtitles made it easy for me to follow anyhow. He cuts straight to the demos, which I appreciate.

Not only does he show XSS in action with cookie stealing, but he also shows mitigation techniques with tests. Good stuff, Valentin! Thanks for submitting this.