Defeating Cross-Site Scripting with Content Security Policy (updated)

How a new HTTP response header can help increase the depth of your web application defenses.

Also includes a few slides on HTTP Strict Transport Security, a header which helps protect HTTPS sites from sslstrip attacks.

Francois Marier

January 29, 2013