Secure HTTP Headers or How I can finally convince management to let go of IE6

A session at COCON 2011

Saturday 8th October, 2011

2:00pm to 2:50pm (HMT)

Web site users are facing new and improved threats nowadays. These range from clickjacking and JSON injection to likejacking, among others. Companies like Google, Mozilla, Microsoft etc. have started implementing new HTTP response headers to counter some of the advanced attacks against their website users. Some of the new attacks aren't well understood by application developers, and hence they aren't using the new secure headers supported by the new browsers. This is either due to ignorance or in order to keep supporting older, insecure versions of Internet Explorer.

In this talk we will walk through what these attacks are, how the various security headers protect web application users, and what the current status of compatibility is.

We will show attacks which work against users in the older insecure browsers and how they are rendered ineffective against the new breed of browsers which understand the new set of secure headers. We will also make a strong case for upgrading all internet users from older insecure browsers to the newer versions.

The talk will include talking points security folks can use in their discussions internally to make a point about upgrading to new and secure browsers.

About the speaker

Akash Mahajan

That Web Application Security Guy


COCON 2011

India, Kochi

7th to 8th October 2011
