Thursday, October 13 • 9:15am - 9:25am
Lightning Talk - Demystifying CSP


There have been many attempts to make the Web a more secure place, or at least to make it harder to attack web applications. One of them is CSP, Content Security Policy. In my talk, I will cover the history of CSP, how it has evolved from its original version, and what features will be available in the near future.
One of the challenges in deploying CSP is understanding which versions and directives are supported by different web browsers. In this presentation, I will share the current CSP compatibility matrix for major web browsers to provide a better understanding of CSP support. I will also demonstrate a framework that I developed to make it easy for anyone to run the same set of CSP feature tests, inspect the results, and add new feature checks.
In the last part of the presentation, I will show the usage of CSP by Alexa top websites and how good their CSP policies are. I will also explain common CSP mistakes and strategies to fix them. Last but not least, I will demonstrate various tools, frameworks and libraries that are useful for improving CSP policies.

Speakers

Ilya Nesterov

Engineering manager, Shape Security
Ilya Nesterov is currently an engineering manager at Shape Security, where he is responsible for product quality. Prior to Shape, Ilya led QA teams at F5 and earned his master’s degree from Tomsk Polytechnic University. His area of interest is web application security, in particular identifying vulnerabilities using software testing and automation techniques. His mission is to automate things and make the Internet a safer place.


Thursday October 13, 2016 9:15am - 9:25am
Room C
