Podcast on CSP – The Last Line of XSS Defense

Watch episode #536 of Paul’s Security Weekly in which Sven Morgenroth, our security researcher, explains and shows how you can use Content Security Policy (CSP) to protect your website from cross-site scripting vulnerabilities.

Scanning a web application for vulnerabilities and ensuring it is secure is an essential task in every web application development project. But there are other things you can leverage to improve the security posture of your web applications, such as Content Security Policy (CSP).

Watch our Security Researcher, Sven Morgenroth, deliver a presentation and demo about the CSP during episode #536 of Paul’s Security Weekly. During the podcast Sven does the following:

  • Explains what CSP is
  • Explains some CSP directives and how to use them
  • Shows some of the most common mistakes one can make when configuring CSP,
  • Explains how CSP helps in preventing cross-site scripting vulnerabilities on your web applications

During the podcast, Sven also runs a demo to show the effect Content Security Policy directives have when used to protect a web application, and highlights some best practices. Sven also shows how you can use the Netsparker web application security scanner to ensure your Content Security Policy is airtight, or better, hacker tight!

Slides for Content Security Policy Presentation & Demo

Here are the slides Sven used during the presentation and demo of the Content Security Policy.