discussions on software development
#115 Scott Helme, Fighting Cross-Site Scripting with Content Security Policy and Subresource Integrity
Summary
Security researcher Scott Helme tells me how Content Security Policy and Subresource Integrity are used to fight cross-site scripting.
Details
Who he is and what he does. What cross-site scripting (XSS) is; well-known examples; how it works; crypto mining via XSS. Input validation, output encoding, and how more frameworks now handle validation. Content Security Policy (CSP): what it is, how it works; trusting CDNs; how to use CSP on a site; CSP Wizard; browser support; future changes. Subresource Integrity (SRI): what it is, how it works; trusting third-party scripts; what happens if a script fails validation. NoScript, browser extensions, DNS filters and VPNs. Scott's upcoming events; training.
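An added example, not from the episode or Scott's own tooling: a small Python model of the SRI check a browser performs on a third-party script, plus the CSP header a site would publish alongside it. The script bodies and host names are constructed for the example.

```python
import base64
import hashlib

# Constructed sample input: the script a CDN is expected to serve, and a modified
# copy (any change, even one byte, must fail the integrity check).
EXPECTED_SCRIPT = b"window.greet = function () { return 'hello'; };\n"
MODIFIED_SCRIPT = EXPECTED_SCRIPT + b"console.log('injected');\n"

ALGORITHMS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}


def sri_hash(body: bytes, algorithm: str = "sha384") -> str:
    """Return an SRI integrity token, '<alg>-<base64 digest>', for the resource body."""
    digest = ALGORITHMS[algorithm](body).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(body: bytes, integrity: str) -> bool:
    """Mirror the browser's check on a fetched resource.

    The integrity attribute may carry several space-separated tokens; only the
    strongest supported algorithm is considered, and any token of that algorithm
    may match. Tokens with unknown algorithms are ignored; if none remain, the
    spec treats the attribute as imposing no check. A False result means the
    browser refuses to execute the script.
    """
    by_alg: dict[str, set[str]] = {}
    for token in integrity.split():
        alg, _, value = token.partition("-")
        if alg in ALGORITHMS:
            by_alg.setdefault(alg, set()).add(value)
    if not by_alg:
        return True
    strongest = max(by_alg, key=lambda a: ALGORITHMS[a]().digest_size)
    actual = base64.b64encode(ALGORITHMS[strongest](body).digest()).decode("ascii")
    return actual in by_alg[strongest]


def script_tag(src: str, body: bytes) -> str:
    """Emit the <script> tag a site publishes for a third-party script. The
    crossorigin attribute is required for cross-origin SRI: without it the
    response is opaque and the integrity check fails."""
    return f'<script src="{src}" integrity="{sri_hash(body)}" crossorigin="anonymous"></script>'


def csp_header(cdn_host: str, inline_script: bytes) -> str:
    """CSP script-src allowing the CDN host plus one hashed inline script and
    nothing else; CSP hash-sources use the same '<alg>-<base64>' form as SRI."""
    return f"Content-Security-Policy: script-src 'self' {cdn_host} '{sri_hash(inline_script)}'"
```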