Defeating Cross-Site Scripting with Content Security Policy

A session at OWASP New Zealand Day

Friday 31st August, 2012

11:00am to 11:20am (NZMT)

Cross-site scripting (XSS) vulnerabilities are very common in web applications. They have been in the OWASP Top 10 for a while and are routinely used by attackers.

There are simple guidelines that one can follow to prevent XSS bugs, and most web frameworks offer some level of protection, but at the end of the day it's easy to make a mistake.

Content Security Policy adds another layer to a website's defenses: browser-enforced restrictions against external resources or unauthorized scripting. An extra response header instructs browsers to enforce a policy set by the server administrator.

About the speaker

François Marier

Passionate about decentralization and software freedom. Engineer at Mozilla.


Short URL

lanyrd.com/sxfyp

Official event site

www.owasp.org/…Zealand_Day_2012
