W3C Content Security Policy & HTTP Headers for Security
Would you like a way to improve the security of your web application without having to change any code but just add several HTTP headers. In this session, David takes you through existing HTTP headers that can be used to improve security with modern web browsers. He also goes in depth on W3C Content Security Policy which makes it much more difficult to exploit Cross-Site Scripting (XSS) by explicitly telling the broswer where it can load resources. Main Points: * HTTP Headers for security * X-Frame-Options * X-XSS-Protection * X-Content-Type-Options * HTTP Strict Transport Security * W3C Content Security Policy Target Audience: Developers and system/web administrators Assumed Knowledge: Understanding of what an HTTP Header is
About David Epler
Security Architect with AboutWeb in Rockville, MD. Spoke at NCDevCon previously, dev.Objective(), CF Summit, various User groups
Follow David Epler on Twitter