Content Security Policy in the Wild

Cross-Site Scripting (XSS) is a security vulnerability as old as the web. Despite continuous efforts to educate developers to properly escape values before output, XSS vulnerabilities are still a common problem. The Content Security Policy (CSP) was developed to mitigate XSS attacks at the browser level. Based on various practical examples and common scenarios, this talk will introduce you to the feature set of this W3C standard, show to what degree current browsers already support it, and show how easy it is to enhance the security of your own web application.