W3C Content Security Policy & HTTP Headers for Security
Would you like a way to improve the security of your web application without changing any code, just by adding several HTTP headers? In this session, David takes you through existing HTTP headers that can be used to improve security with modern web browsers. He also goes in depth on W3C Content Security Policy, which makes Cross-Site Scripting (XSS) much more difficult to exploit by explicitly telling the browser where it may load resources from.

Main Points:
* HTTP Headers for security
* X-Frame-Options
* X-XSS-Protection
* X-Content-Type-Options
* HTTP Strict Transport Security
* W3C Content Security Policy

Target Audience: Developers and system/web administrators

Assumed Knowledge: Understanding of what an HTTP Header is
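As an added example (not from the session or its speaker), a small Python audit of the headers listed above: it checks a response's header set for each protection and parses the CSP to flag script sources that undo its XSS benefit. The two header sets and the host cdn.example.com are constructed for illustration.

```python
"""Audit HTTP response headers for the protections named in the session."""
import re

# Constructed sample responses (not captured from any real site).
WEAK = {
    "Content-Type": "text/html",
    "Content-Security-Policy": "default-src * 'unsafe-inline' 'unsafe-eval'",
}
HARDENED = {
    "Content-Type": "text/html",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "X-XSS-Protection": "1; mode=block",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; "
                               "script-src 'self' https://cdn.example.com; "
                               "object-src 'none'",
}

def parse_csp(value):
    """Turn "dir src src; dir src" into {directive: [source, ...]}."""
    policy = {}
    for directive in value.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy

def audit_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    if h.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options missing or permissive (clickjacking)")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options: nosniff missing (MIME sniffing)")
    # Modern browsers ignore this header; kept because the session lists it.
    if not h.get("x-xss-protection", "").startswith("1"):
        findings.append("X-XSS-Protection not enabled")
    m = re.search(r"max-age=(\d+)", h.get("strict-transport-security", ""))
    if not m or int(m.group(1)) < 31536000:
        findings.append("Strict-Transport-Security missing or max-age under a year")
    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append("Content-Security-Policy missing")
    else:
        # script-src falls back to default-src when absent.
        scripts = csp.get("script-src", csp.get("default-src", []))
        for bad in ("'unsafe-inline'", "'unsafe-eval'", "*"):
            if bad in scripts:
                findings.append(f"CSP allows {bad} for scripts (weakens XSS defence)")
        if "object-src" not in csp and "'none'" not in csp.get("default-src", []):
            findings.append("CSP: object-src not restricted (plugin content)")
    return findings
```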
About David Epler
David Epler is a Full Stack Security Engineer at InVisionApp squashing security bugs and issues. He also works with outside penetration testers through the bug bounty programs that InVisionApp uses.