According to OWASP (Open Web Application Security Project), "XSS (Cross-Site Scripting) is the second most prevalent issue in the OWASP Top 10 (Web Application Security Risks), and is found in around two-thirds of all applications" and stands at number 7 overall in their ranking.
Many web application frameworks have integrated features to help mitigate XSS, but there are attack vectors that cannot be dealt with by input sanitization. Do you know what domains your application is loading resources from or what is being executed in your users' browsers when they visit your site?
Content Security Policy is a configurable set of restrictions and reporting tools built into modern web browsers. Developers can take advantage of these tools to lock down their sites and ensure the security of users and their data.
Through a series of demos we will see examples of XSS, an overview of Content Security Policy's feature set, and finally, how we might implement it in a web application.
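As an added example (not part of this talk or its demos): a small JavaScript model of how a browser evaluates a Content-Security-Policy header's source lists, which shows concretely what it means to lock down the domains a page may load scripts from. The policy strings and origins used are constructed samples, and the matching is simplified to host and scheme sources.

```javascript
// Added example (not from the talk): a minimal model of how a browser
// evaluates a Content-Security-Policy header's source lists. It parses a
// policy string, resolves the directive that governs a script load
// (script-src falls back to default-src) and decides whether a script from
// a given origin would run. Policies and origins are constructed samples.

function parsePolicy(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    // Browsers honour the first occurrence of a directive and ignore repeats.
    if (!(name.toLowerCase() in directives)) directives[name.toLowerCase()] = sources;
  }
  return directives;
}

// Does one source expression match an origin of the form scheme://host[:port]?
function sourceMatches(source, origin, pageOrigin) {
  const src = source.toLowerCase();
  if (src === "'self'") return origin === pageOrigin;
  if (src.startsWith("'")) return false; // 'none', 'unsafe-inline', nonces: no host match
  if (src === '*') return true;
  const o = new URL(origin);
  // Scheme-only source such as "https:"
  if (/^[a-z][a-z0-9+.-]*:$/.test(src)) return o.protocol === src;
  // Host source, optionally with a scheme, a leading "*." label and a port
  const m = src.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, port] = m;
  if (scheme && o.protocol !== scheme + ':') return false;
  if (port && o.port !== port) return false;
  return wildcard ? o.hostname.endsWith('.' + host) : o.hostname === host;
}

// true if a script fetched from `origin` may run on a page served from
// `pageOrigin` under `header`; no governing directive means no restriction.
function scriptAllowed(header, origin, pageOrigin) {
  const policy = parsePolicy(header);
  const sources = policy['script-src'] || policy['default-src'];
  if (sources === undefined) return true;
  return sources.some((s) => sourceMatches(s, origin, pageOrigin));
}
```

A policy that only sets `img-src` leaves script loading unrestricted, which is why a real deployment starts from a restrictive `default-src` and adds a `report-uri` or `report-to` directive to learn which resources the policy would block before enforcing it.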
Presentation by Sean Wright:
Sponsored by Robert Half Technology & The Software Guild:
6:00pm - 6:30pm Arrival and Networking
6:30pm - 7:30pm Presentation
7:30pm - 9:00pm Apps & Drinks @ The Barley House