NCDevCon 2017 Session: W3C Content Security Policy & HTTP Headers for Security

Would you like a way to improve the security of your web application without changing any code, just by adding several HTTP headers? In this session, David takes you through existing HTTP headers that can be used to improve security with modern web browsers. He also goes in depth on W3C Content Security Policy, which makes it much more difficult to exploit Cross-Site Scripting (XSS) by explicitly telling the browser where it can load resources from.

Main Points:

* HTTP Headers for security
* X-Frame-Options
* X-XSS-Protection
* X-Content-Type-Options
* HTTP Strict Transport Security
* W3C Content Security Policy

Target Audience: Developers and system/web administrators

Assumed Knowledge: Understanding of what an HTTP Header is

About David Epler

David Epler is a Full Stack Security Engineer at InVisionApp squashing security bugs and issues. He also works with outside penetration testers through the bug bounty programs that InVisionApp uses.
