Loading…
Join us at AppSec California 2014!


AppSec California is the first of hopefully many annual conferences hosted by all of the California chapters. Join us on the beaches of Santa Monica which is closest to our Los Angeles Chapter. Space is limited to around 200 attendees so be sure to get your ticket before we sell out!

Come a little early or stay the rest of the week; however you enjoy it, the weather is likely going to be warmer than where you are. Enjoy the Santa Monica pier and downtown area or explore the surrounding cities. You probably have a client or 10 near by too so say hello to them too.

Stay tuned as activities around the event are updated and more speakers are added to the lineup. A schedule will come at some point.


Register today! 
Back To Schedule
Tuesday, January 28 • 11:30am - 12:30pm
What is CSP and why haven't you applied it yet?

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Tweet Share
It’s 2013, and cross-site scripting is still on the OWASP top 10, ten years after it was in the number four slot on the same list. Cross-site scripting, although seemingly easy to remediate, continues to be problematic for developers, as edge cases crop up where the typical mitigation strategies are confusing. However advances in modern browser security provide developers the opportunity to become far more proactive in addressing this vulnerability class using a technology known as content-security policy (CSP).

When configured and implemented correctly, CSP can severely cripple cross-site scripting attacks. Big technology companies such as Twitter, Facebook, Etsy, and Github are using this to transparently protect their end users from this common vulnerability class.

This session is a combination of short micro talks and a panel discussion geared at getting you the tools needed to understand and implement CSP.

The first microtalk will be a primer to CSP. We will break down what CSP is and provide you the tools to get started with it. The next microtalk is centered around how to sell CSP to management, and techniques to increase adoption in your organization. The final microtalk is around what the web may look like in 5 years, and how content-security policy will play a key role in mitigating increasingly potent client-side attacks.
Speakers
CP

CSP Peeps

Ian Melven - New Relic Joel Weinberger - Google - Google engineer on Chrome Security, working on CSP and other security features, and former UC Berkeley grad student and security researcher. Caleb Queern - Cyveillance Kenneth Lee - Etsy Scott Behrens - Netflix - Scott Behrens is a... Read More →

Tuesday January 28, 2014 11:30am - 12:30pm PST
Track 3
  Session

Attendees (0)