Defeating Cross-Site Scripting with Content Security Policy

A session at OWASP New Zealand Day

Friday 31st August, 2012

11:00am to 11:20am (NZMT)

Cross-site scripting vulnerabilities are very common in web applications. They have been in the OWASP Top 10 for a while and are routinely used by attackers.

There are simple guidelines that one can follow to prevent XSS bugs, and most web frameworks offer some level of protection, but at the end of the day it's easy to make a mistake.

Content Security Policy adds another layer to a website's defenses: browser-enforced restrictions against external resources or unauthorized scripting. An extra response header instructs browsers to enforce a policy set by the server administrator.

About the speaker

François Marier

Passionate about decentralization and software freedom. Security & privacy engineer at Mozilla.
