Wednesday, November 20 • 12:00pm - 12:50pm
Build but don't break: Lessons in Implementing HTTP Security Headers


Content Security Policy is a new standard from the W3C that aims to help stop a mainstay of the OWASP Top 10, cross-site scripting (XSS). The problem faced by many major sites today is how to craft a working content security policy that works for already existing applications. We will discuss real-world techniques to simplify policy generation and testing, as well as discuss what changes are coming in CSP version 1.1. I will also discuss additional security headers such as X-Frame-Options to stop clickjacking and HTTP Strict Transport Security to stop man-in-the-middle attacks.

Speakers
Kenneth Lee

Product Security Engineer, Etsy
AppSec Engineer @ Etsy. Loves pentests, code reviews, and a good cup of tea. | Twitter: @kennysan | Github: https://github.com/kennysan


Wednesday November 20, 2013 12:00pm - 12:50pm
Belasco & Broadhurst (5th Floor) NY Marriott Marquis