47% of all web applications have a cross-site scripting vulnerability, and this potential security flaw ranks in the top three classes of all vulnerabilities.[1]
A Content Security Policy (CSP) is a systematic way to block these attacks: it whitelists the allowed sources of script, style, and other resources. The holy grail – blocking "unsafe-inline" code – offers the strongest defense, but can be a big surprise for front-end developers when inline scripts and styles stop working!
[1] Source: White Hat Security, 2015 Website Security Statistics Report
Session Takeaways:
Developers will learn when and why to add a Content Security Policy to a web project, and how to implement it successfully. You'll also learn how to troubleshoot existing policies, and how to refactor JavaScript to remove unsafe inline code.
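As an added illustration of the troubleshooting side (example code written for this page, not from the session or its slides): a small JavaScript checker that parses an existing Content-Security-Policy header value and flags the conditions that let inline or unrestricted script through. The policy strings and the nonce value are constructed placeholders.

```javascript
// Added example, not from the session or its slides: audit a CSP header value.
// It applies two CSP rules that commonly confuse troubleshooting: script-src and
// style-src fall back to default-src when absent, and when a directive is
// repeated only the first occurrence counts.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1)); // first wins
  }
  return directives;
}

// Effective source list for a fetch directive, honouring the default-src fallback.
function effectiveSources(directives, name) {
  return directives.get(name) || directives.get('default-src') || null;
}

// Returns human-readable findings; an empty array means nothing of concern.
function auditCsp(header) {
  const directives = parseCsp(header);
  const findings = [];
  for (const name of ['script-src', 'style-src']) {
    const sources = effectiveSources(directives, name);
    if (sources === null) {
      findings.push(`${name}: no directive and no default-src, so nothing is restricted`);
      continue;
    }
    const lower = sources.map((s) => s.toLowerCase());
    // Browsers that understand nonces/hashes ignore 'unsafe-inline' when one is present.
    const hasNonceOrHash = sources.some((s) => /^'(nonce|sha256|sha384|sha512)-/i.test(s));
    if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push(`${name}: 'unsafe-inline' permits inline code`);
    }
    for (const s of lower) {
      if (s === '*' || s === 'http:' || s === 'https:') findings.push(`${name}: source "${s}" is too broad`);
    }
    if (name === 'script-src' && lower.includes("'unsafe-eval'")) {
      findings.push("script-src: 'unsafe-eval' permits eval()-style execution");
    }
  }
  return findings;
}

// Constructed sample policies: a permissive one (note the ignored second
// script-src) and the stricter replacement using a placeholder nonce.
const WEAK_POLICY = "default-src 'self'; script-src 'self' 'unsafe-inline' *; script-src 'none'";
const STRICT_POLICY = "default-src 'self'; script-src 'self' 'nonce-PLACEHOLDER'; style-src 'self'";
```

Running `auditCsp(WEAK_POLICY)` reports the inline-script and wildcard problems, while `auditCsp(STRICT_POLICY)` returns an empty array.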
Comments
Dylan Tack replied:
Slides
Slides are available at:
http://www.metaltoad.com/sites/default/files/DrupalCampLA_Content_Securi...