
Mitigating Cross-site Scripting with Content-Security Policy

As information security professionals, we are constantly in a race against malicious attackers who typically have the lead. However, advances in modern browser security give developers the opportunity to become far more proactive in addressing entire classes of vulnerabilities. One technology in particular, known as Content-Security Policy (CSP), has a bright future in severely crippling cross-site scripting attacks. But the roll-out and implementation of this technology will drastically change how developers design web applications.

This talk looks into what Content-Security Policy is and how it works. We will then step through a variety of metrics from popular websites, taking into consideration which sites are already using CSP and which sites may have issues implementing this technology. Some strategies will be discussed to overcome the hurdles of implementing CSP.

About our presenters:

Scott Behrens is currently employed as a Senior Security Consultant at Neohapsis and an Adjunct Professor at DePaul University. An avid coder and researcher, he has contributed to a number of open source tools for both attack and defense. Scott has presented security research at DEF CON, DerbyCon, Security Forum Hagenberg, HackMiami, Security B-sides Chicago, and ISACA events. Scott has also published security white papers for InformationWeek magazine, the Infosec Institute, and the Neohapsis blog.

Patrick Thomas is a Security Consultant with over eight years of software development experience spanning multiple technologies and domains. Patrick is the creator of BlindElephant, a remote web application fingerprinting tool, and has spoken on web application security, web malware, exploit kits, and physical security at various conferences including Black Hat USA, DEF CON, SecTor and BayThreat.


  • Anshul D.

    Looks like it was an excellent talk. Sorry to have missed it. Any chance the slide deck can be shared? Thanks.

    August 16, 2013

    • Karen

      Same here. It will be great if the slide deck is available. Thanks.

      August 19, 2013

    • Ryan B.

      Unfortunately we haven't been able to obtain/put up the slides yet, but we are definitely trying.

      August 19, 2013

  • A former member

    These guys did a hell of a job. Even though I'm one of the few CSM'ers who isn't a web developer, I found the information to be valuable and that it was presented in a way that was easy to understand.

    August 16, 2013

    • Ryan B.

      Agreed. One of the best we've had for sure.

      August 16, 2013

  • Bill

    Sorry to miss this.

    August 15, 2013

  • Chuck R.

    Looking forward to meeting this group and discussing proven solutions.

    August 15, 2013

  • Ryan N.

    IT professional... looking to grow my security knowledge.

    August 12, 2013

  • A former member

    Looking forward to another great session!

    August 11, 2013

  • Lou D.

    This looks like a really interesting topic. I hope I can make it!

    July 30, 2013

  • Christine P.

    For anyone interested in other meetups in the Chicago area, Tech in Motion's next event is tomorrow night! Details here:
    It's at 1871 in Merch Mart, featuring several moving-related start-ups in the Chicago area and talking about how they decided to collaborate with each other/the benefits of strategic collaboration. Hope you can make it!

    July 9, 2013

  • nicolai s.

    Can't wait

    June 12, 2013

Our Sponsors

  • Workbridge

    Free beer and pizza and a place to meet in The Loop
