
Summary
Security researcher Scott Helme tells me how Content Security Policy and Subresource Integrity are used to fight cross-site scripting.
Details
Who he is, what he does. What cross-site scripting (XSS) is; well-known examples; how it works; crypto mining via XSS. Input validation, output encoding, and how more frameworks now handle validation. Content Security Policy (CSP): what it is, how it works; trusting CDNs; how to use CSP on a site; the CSP Wizard; browser support; future changes. Subresource Integrity (SRI): what it is, how it works; trusting third-party scripts; what happens if a script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott's upcoming events; training.
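As an added illustration of the Subresource Integrity check discussed in the episode (example code written for these notes, not code from the show or from Scott Helme), this Python snippet computes the integrity value a site would put on a script tag and mimics the browser's decision, so a script body that has been altered between vetting and delivery is rejected. The script body is constructed sample data.

```python
import base64
import hashlib

# Constructed sample script body; stands in for a file fetched from a CDN.
SCRIPT_BODY = b"window.greet = function () { return 'hello'; };\n"

SRI_ALGOS = ("sha256", "sha384", "sha512")  # the only algorithms SRI permits


def sri_integrity(body: bytes, algo: str = "sha384") -> str:
    """Return an SRI token of the form "<algo>-<base64 digest>" for a script body."""
    if algo not in SRI_ALGOS:
        raise ValueError("SRI only allows sha256, sha384 or sha512")
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_check(body: bytes, integrity: str) -> bool:
    """Simplified browser behaviour: execute only if a listed digest matches.

    The attribute may hold several space-separated tokens. Tokens with an
    unknown algorithm are ignored. (A real browser first keeps only the tokens
    using the strongest listed algorithm, then compares against those; this
    simplification accepts a match on any supported token.)
    """
    for token in integrity.split():
        algo, _, expected = token.partition("-")
        if algo not in SRI_ALGOS or not expected:
            continue
        if sri_integrity(body, algo) == token:
            return True
    return False  # no digest matched: the browser refuses to run the script


def script_tag(src: str, body: bytes) -> str:
    """Emit the tag a site ships for a third-party script it has vetted.

    crossorigin="anonymous" is required for SRI on cross-origin resources,
    otherwise the browser cannot read the response to verify it.
    """
    return (f'<script src="{src}" integrity="{sri_integrity(body)}" '
            'crossorigin="anonymous"></script>')


if __name__ == "__main__":
    pinned = sri_integrity(SCRIPT_BODY)
    print(script_tag("https://cdn.example/greet.js", SCRIPT_BODY))
    print("unmodified passes:", sri_check(SCRIPT_BODY, pinned))
    print("tampered passes:  ", sri_check(SCRIPT_BODY + b"// injected\n", pinned))
```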
Links
Scott's blog
Great show. CSP and SRI are two things I see under-utilized but are so easy to implement. Somehow I missed that CSP can require SRI and I will be adding that to our development standards right away.
Glad to hear you like it!