CSP is an incredibly simple yet amazingly powerful security feature that is now widely supported by browsers. Scott looks at some of the headline features of CSP, with demonstrations of attack prevention, and at some of its lesser-known uses too.

Did you know that besides mitigating XSS attacks, CSP can also stop click-jacking attacks, neutralise mixed-content, kill ad-injectors and even help you migrate from HTTP to HTTPS?


About the speaker

Scott Helme

About the conference

dotSecurity 2016
The Security Conference for Developers
