Implementing Content Security Policy at a Large Scale

oxdef
November 17, 2017

The reality is that XSS vulnerabilities are still there, despite the development of built-in security mechanisms in modern browsers and frameworks with escaping enabled by default. Content Security Policy appears to be quite a powerful countermeasure, while also being an open standard. Yandex has gained extensive expertise in implementing CSP at a large scale. In this talk we will discuss tips and tricks for implementing the technology in many services.

ZeroNights 2017



