Content Security Policy

Arne Blankerts | International PHP Conference |

The end of Cross Site Scripting? Cross Site Scripting – or short XSS – is a security vulnerability as old as the web. Despite continuous efforts to educate developers to properly escape values before outputting though XSS are still a common problem. To mitigate XSS attacks at the browser level Mozilla developed a new by now W3C standard called Content Security Policy (CSP). This talk will introduce you to the feature set of the CSP, to what degree current browsers already support it and how easy it is to enhance the security of your own web application.

3 / 100 [*]
Als PDF speichern

Über den Referenten

Arne Blankerts

Arne Blankerts hat schon Lösungen parat, bevor andere ein Problem erkannt haben.