#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity

Feb 18, 2019 # Content Secuirty Policy, CSP, Security, SRI, Subresource Integrity, XSS

Summary

Security researcher Scott Helme tells me how Content Security Policy and SubResource Integrity are used to fight cross-site scripting.

Details

Who he is, what he does. What cross site scripting is; well known examples; how it works; crypto mining with cross site scripting (XSS). Input validation, output encoding, more frameworks are handling validation. Content Security Policy (CSP), what it is, how it works; trusting CDNs; how to use CSP on a site, CSP Wizard, browser support; future changes. Subresource Integrity, what it is, how it works; trusting third party scripts; what happens if script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott’s upcoming events; training.

Links

Scott’s blog

Scott’s CSP Wizard

Download mp3 of podcast

Content Secuirty Policy CSP Security SRI Subresource Integrity XSS

#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity

Related