Get Lanyrd on your mobile (iPhone, Android and more) - check it out here

Defeating Cross-Site Scripting with Content Security Policy

A session at OWASP New Zealand Day

Cross-site scripting vulnerabilities are very common in web applications. They have been in the OWASP top 10 for a while and are routinely used by attackers.

There are simple guidelines that one can follow to prevent XSS bugs and most of the web frameworks out there offer some level of protection but at the end of the day, it's easy to make a mistake.

Content Security Policy adds another layer to a website's defenses: browser-enforced restrictions against external resources or unauthorized scripting. An extra response header instructs browsers to enforce a policy set by the server administrator.

About the speaker

This person is speaking at this event.
François Marier

Free and Open Source software developer

Coverage of this session

Sign in to add slides, notes or videos to this session

OWASP New Zealand Day

New Zealand New Zealand, Auckland

31st August 2012

Tell your friends!

When

Time 11:00am11:20am NZMT

Date Fri 31st August 2012

Short URL

lanyrd.com/sxfyp

Official event site

www.owasp.org/…Zealand_Day_2012

View the schedule

Topics

See something wrong?

Report an issue with this session

Faq · Blog · Services · Colophon

Privacy + Cookies · Email us