Content Security Policy in the Wild

Arne Blankerts | Connect.JS

Cross-site scripting (XSS) is a security vulnerability as old as the web. Despite continuous efforts to educate developers to properly escape values before output, XSS vulnerabilities are still a common problem. Content Security Policy (CSP) was developed to mitigate XSS attacks at the browser level. This talk will introduce you to the feature set of this W3C standard and the degree to which current browsers already support it, and will show, based on various practical examples and common scenarios, how easy it is to enhance the security of your own web application.

About the presenter

Arne Blankerts

Arne Blankerts has solutions ready before others have even understood the problem.