Building a Content Security Policy
- Tuesday, August 19th, 2014 at 1:00 PM EDT (17:00:00 UTC)
- Eric Johnson
Content Security Policy (CSP) is gaining traction as a strong client-side mitigating control for preventing Cross-Site Scripting attacks. However, because it is a relatively new security feature with inconsistent browser support, we are seeing very few CSP implementations in production environments. In this talk, we will explore the features available in CSP 1.0, what is coming in CSP 1.1, and how you can go about building a CSP in your web applications. We will also cover a few CSP tools that are available, and how they can help automate the process.
In addition to being the Application Security Curriculum product manager at SANS, Eric is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. A senior security consultant at Cypress Data Defense, Eric's experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. He currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.