A Hacker's Perspective: Content Security Policy

There are only two great reasons to be confident that Cross-Site Scripting vulnerabilities aren't your problem; Either you don't understand them, or you have a well-constructed Content Security Policy (CSP). In this session, you will receive a brief review of Cross-Site Scripting and get a detailed description of CSP from the perspective of a professional pentester. You will learn why CSP is such a critical control and experience some live demonstrations of specific CSP directives in action. This session is for everyone building or maintaining web applications who want to understand the best way to protect them from cross-site scripting attacks.