
Content Security Policy – The end of Cross Site Scripting?

Cross Site Scripting, or XSS for short, is a security vulnerability as old as the web. Despite continuous efforts to educate developers to properly escape values before output, XSS vulnerabilities are still a common problem. To mitigate XSS attacks at the browser level, Mozilla developed Content Security Policy (CSP), which is by now a W3C standard. This talk will introduce you to the feature set of CSP, to what degree current browsers already support it, and how easy it is to enhance the security of your own web application.