Fixing XSS with Content Security Policy

Explore the intricacies of Content Security Policy (CSP) as a defense against cross-site scripting (XSS) attacks in this conference talk from OWASP AppSec California 2015. Delve into the differences between CSP 1.0 and CSP 1.1, understanding how these versions impact web application developers. Learn how CSP protects web applications from XSS vulnerabilities and whether traditional defenses like input validation and output encoding are still necessary. Discover the varying levels of browser support for CSP and gain practical insights on implementing this technology on your website. Benefit from the expertise of Ksenia Dmitrieva, a Senior Security Consultant with extensive experience in web application security, as she shares her knowledge on this promising HTML5 feature and its potential to enhance web security.