Overview
Explore client-side security headers and their role in mitigating vulnerabilities such as man-in-the-middle attacks, clickjacking, XSS, MIME-type sniffing, and data caching in this conference talk from AppSecUSA 2014. Learn about key security headers including Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options, along with their configuration options. Discover the newly released open-source Security Header Injection Module (SHIM) for ASP.NET, designed to make these headers easy to implement in web applications. Presented by Aaron Cure and Eric Johnson, experienced security consultants from Cypress Data Defense, this 39-minute talk provides valuable insights into enhancing client-side security for developers and security professionals.
Syllabus
Clientside security with the Security Header Injection Module SHIM - OWASP AppSecUSA 2014
Taught by
OWASP Foundation