Wednesday, November 20 • 12:00pm - 12:50pm
Build but don't break: Lessons in Implementing HTTP Security Headers


Content Security Policy is a new standard from the W3C that aims to help stop a mainstay of the OWASP Top 10, cross-site scripting (XSS). The problem faced by many major sites today is how to craft a content security policy that works for already existing applications. We will discuss real-world techniques to simplify policy generation and testing, as well as what changes are coming in CSP version 1.1. I will also discuss additional security headers such as X-Frame-Options to stop clickjacking and HTTP Strict Transport Security to stop man-in-the-middle attacks.
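The three headers named in the abstract are easy to set but easy to set weakly, and a policy shipped only as `Content-Security-Policy-Report-Only` reports violations without blocking anything. The following checker is an added example written for this page, not code from the talk or from Etsy; the sample header sets are constructed, and the one-year HSTS `max-age` threshold is an assumed baseline rather than anything the talk specifies.

```python
"""Audit a set of HTTP response headers for Content-Security-Policy,
X-Frame-Options and Strict-Transport-Security, flagging the settings
that leave XSS, clickjacking or HTTP downgrade unmitigated.
Added example; the sample headers below are constructed, not captured."""

# Constructed sample: a policy that is report-only and permissive, a short HSTS lifetime,
# and no X-Frame-Options at all.
WEAK_HEADERS = {
    "Content-Security-Policy-Report-Only":
        "default-src *; script-src * 'unsafe-inline' 'unsafe-eval'",
    "Strict-Transport-Security": "max-age=300",
}

# Constructed sample: an enforced allow-list policy with the other two headers set.
HARDENED_HEADERS = {
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self' https://cdn.example.com; "
        "object-src 'none'; report-uri /csp-report",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

MIN_HSTS_MAX_AGE = 31536000  # one year; assumed threshold for this example


def parse_csp(value):
    """Split 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_sources(csp, directive):
    """Fetch directives such as script-src fall back to default-src when absent."""
    if directive in csp:
        return csp[directive]
    return csp.get("default-src", [])


def audit_headers(headers):
    """Return a list of human-readable findings; an empty list means nothing was flagged."""
    findings = []
    h = {k.lower(): v for k, v in headers.items()}

    # Content-Security-Policy: enforced vs. report-only, and what script-src permits.
    enforced = h.get("content-security-policy")
    report_only = h.get("content-security-policy-report-only")
    if enforced is None and report_only is None:
        findings.append("CSP: no policy header; injected script runs unrestricted")
    else:
        if enforced is None:
            findings.append("CSP: only Report-Only header present; violations are reported, not blocked")
        csp = parse_csp(enforced or report_only)
        script_src = effective_sources(csp, "script-src")
        if not script_src:
            findings.append("CSP: neither script-src nor default-src set; scripts are unrestricted")
        for weak in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if weak in script_src:
                findings.append(f"CSP: script-src allows {weak}")

    # X-Frame-Options: the page should refuse to be framed by other origins.
    xfo = h.get("x-frame-options")
    if xfo is None:
        findings.append("X-Frame-Options: missing; page can be framed for clickjacking")
    elif xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: unexpected value {xfo!r}")

    # Strict-Transport-Security: lifetime long enough to matter, and subdomains covered.
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS: missing; browsers will still follow plain-HTTP links to this host")
    else:
        parts = [p.strip().lower() for p in hsts.split(";")]
        max_age = None
        for p in parts:
            if p.startswith("max-age="):
                try:
                    max_age = int(p.split("=", 1)[1])
                except ValueError:
                    pass
        if max_age is None:
            findings.append("HSTS: max-age missing or unparseable")
        elif max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS: max-age {max_age} is below the assumed minimum {MIN_HSTS_MAX_AGE}")
        if "includesubdomains" not in parts:
            findings.append("HSTS: includeSubDomains absent; subdomains remain reachable over HTTP")
    return findings


if __name__ == "__main__":
    for name, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"== {name} ==")
        for f in audit_headers(hdrs) or ["no findings"]:
            print(" -", f)
```

Running the checker against a staging response while a policy is still report-only gives a concrete list of what will start breaking once the header is switched to the enforcing name, which is the "build but don't break" step the talk title refers to.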


Kenneth Lee

Product Security Engineer, Etsy
AppSec Engineer @ Etsy. Loves pentests, code reviews, and a good cup of tea. Twitter: @kennysan Github: https://github.com/kennysan

Wednesday November 20, 2013 12:00pm - 12:50pm EST
Belasco & Broadhurst (5th Floor) NY Marriott Marquis
