#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity


Security researcher Scott Helme tells me how Content Security Policy and Subresource Integrity are used to fight cross-site scripting.


Who he is, what he does. What cross-site scripting (XSS) is; well-known examples; how it works; crypto mining via XSS. Input validation, output encoding, and how more frameworks are handling validation. Content Security Policy (CSP): what it is, how it works; trusting CDNs; how to use CSP on a site, the CSP Wizard, browser support; future changes. Subresource Integrity (SRI): what it is, how it works; trusting third-party scripts; what happens if a script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott’s upcoming events; training.


Download mp3 of podcast