Thursday, May 11 • 15:00 - 15:15
CSP Pitfalls and Gotchas

Content Security Policy is one of the most complicated and powerful security layers, which helps to detect and mitigate data injection attacks such as XSS. Despite its power and support by all modern browsers, its usage by web application developers is surprisingly low. In this presentation I'll explain common misunderstandings of different CSP concepts, and we'll dive deep into examples to understand better what leads to successful CSP violations and how to prevent them. Do you worry about adding CSP to production because some of your users still use CSP 1 or CSP 2 compatible browsers and you are scared of needing to implement dynamic CSP? Don't worry, we'll talk about CSP backward compatibility and how to make a policy that works for all versions. I'll also explain the latest changes in the CSP Level 3 specification and the features you can already use to make your application even more secure and the process of adding CSP to your web app much easier.

Ilya Nesterov

Shape Security
Ilya Nesterov is currently an engineering manager at Shape Security. Prior to Shape, Ilya worked at F5 Networks, and earned his master's degree from Tomsk Polytechnic University. His interests include, but are not limited to, modern Web Application security threats and countermea...

Thursday May 11, 2017 15:00 - 15:15
Waterfront Center: Lightning Room