December 5-7, 2016
Vancouver, Canada

Content Security Policy (CSP): Rest in Peace, XSS!

Cross-Site Scripting is one of the main risks for web applications - a position it has heal for over a decade! With Content Security Policy, this threat may finally come to an end. The W3C standard provides techniques to close many XSS vectors, offers fine-grained control over the security limitations you impose, and enjoys a decent browser support. We will show what CSP is capable of and also discuss how you may need to refactor your website.

View all 104 sessions

Christian Wenz

Arrabiata Solutions GmbH

Christian Wenz is an author, consultant and trainer focussing on web technologies and web application security. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, and is the lead author of the Zend PHP 5.3 and 5.5 certifications. His day job at Arrabiata Solutions includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right mix of web technologies.

Read More

Comments

Please remain courteous and constructive. Comments will be moderated.

Vancouver 2016 sponsored by