
Building a Content Security Policy

  • Tuesday, August 19th, 2014 at 1:00 PM EDT (17:00:00 UTC)
  • Eric Johnson
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account.


Content Security Policy is gaining traction as a strong client-side mitigating control for preventing Cross-Site Scripting attacks. However, because it is a relatively new security feature with inconsistent browser support, we are seeing very few CSP implementations in production environments. In this talk, we will explore the features available in CSP 1.0, what is coming in CSP 1.1, and how you can go about building a CSP in your web applications. We will also cover a few CSP tools that are available, and how they can help automate the process.

Speaker Bio

Eric Johnson

In addition to being the Application Security Curriculum product manager at SANS, Eric is the lead author and instructor for DEV544 Secure Coding in .NET, as well as an instructor for DEV541 Secure Coding in Java/JEE. A senior security consultant at Cypress Data Defense, Eric's experience includes web and mobile application penetration testing, secure code review, risk assessment, static source code analysis, security research, and developing security tools. He currently holds the CISSP, GWAPT, GSSP-.NET, and GSSP-Java certifications.
