no dogma podcast

#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity



Summary

Security researcher Scott Helme tells me how Content Security Policy and Subresource Integrity are used to fight cross-site scripting.

Details

Who he is, what he does. What cross-site scripting is; well-known examples; how it works; crypto mining with cross-site scripting (XSS). Input validation, output encoding, more frameworks are handling validation. Content Security Policy (CSP), what it is, how it works; trusting CDNs; how to use CSP on a site, CSP Wizard, browser support; future changes. Subresource Integrity, what it is, how it works; trusting third-party scripts; what happens if a script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott's upcoming events; training.


no dogma podcast, by Bryan Hogan
