NCDevCon 2016 Session-W3C Content Security Policy & HTTP Headers for Security

W3C Content Security Policy & HTTP Headers for Security

Would you like a way to improve the security of your web application without changing any code, just by adding several HTTP headers? In this session, David takes you through existing HTTP headers that can be used to improve security with modern web browsers. He also goes in depth on W3C Content Security Policy, which makes it much more difficult to exploit Cross-Site Scripting (XSS) by explicitly telling the browser where it can load resources from.

Main Points:

* HTTP Headers for security
* X-Frame-Options
* X-XSS-Protection
* X-Content-Type-Options
* HTTP Strict Transport Security
* W3C Content Security Policy

Target Audience: Developers and system/web administrators

Assumed Knowledge: Understanding of what an HTTP Header is

About David Epler

David Epler

Security Architect with AboutWeb in Rockville, MD. Has previously spoken at NCDevCon, dev.Objective(), CF Summit, and various user groups.
