What is your Content Security Policy?

Akron Software Craftsmanship

The Bit Factory

526 S. Main St, Suite 511 · Akron, OH

How to find us

The Bit Factory is on the 5th floor of The Bounce Innovation Hub. Google Maps will get you there! Suite 511, 526 S Main St, Akron, OH 44311

Details

According to OWASP (Open Web Application Security Project), "XSS (Cross-Site Scripting) is the second most prevalent issue in the OWASP Top 10 (Web Application Security Risks), and is found in around two-thirds of all applications." It stands at number 7 overall in their ranking.

Many web application frameworks have integrated features to help mitigate XSS, but there are attack vectors that cannot be dealt with by input sanitization. Do you know what domains your application is loading resources from or what is being executed in your users' browsers when they visit your site?

Content Security Policy is a configurable set of restrictions and reporting tools built into modern web browsers. Developers can take advantage of these tools to lock down their sites and ensure the security of users and their data.

Through a series of demos we will see examples of XSS, an overview of Content Security Policy's feature set, and finally, how we might implement it in a web application.

Presentation by Sean Wright:
https://www.seangwright.me
https://www.linkedin.com/in/sgalenwright/
https://twitter.com/seangwright

Wired Views:
https://www.wiredviews.com/portfolio

Sponsored by Robert Half Technology & The Software Guild:
https://www.rht.com/
https://www.thesoftwareguild.com/

Schedule:
6:00pm - 6:30pm Arrival and Networking
6:30pm - 7:30pm Presentation
7:30pm - 9:00pm Apps & Drinks @ The Barley House