Building a Content Security Policy

  • Tuesday, 19 Aug 2014 1:00PM EDT (19 Aug 2014 17:00 UTC)
  • Speaker: Eric Johnson

Content Security Policy is gaining traction as a strong client-side mitigating control for preventing Cross-Site Scripting attacks. However, because it is a relatively new security feature with inconsistent browser support, we are seeing very few CSP implementations in production environments. In this talk, we will explore the features available in CSP 1.0, what is coming in CSP 1.1, and how you can go about building a CSP in your web applications. We will also cover a few CSP tools that are available and how they can help automate the process.