Recorded at AppSecUSA 2014 in Denver
http://2014.appsecusa.org/
Thursday, September 18 • 3:00pm - 3:45pm
Client-side security with the Security Header Injection Module (SHIM)
Client-side security headers are useful countermeasures for Man-In-The-Middle, Clickjacking, XSS, MIME-Type sniffing, and Data Caching vulnerabilities. In this talk, we will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options) and the various options available for each header. We will then demonstrate a new open source Security Header Injection Module (SHIM) for ASP.NET (developed by the presenters) that can be configured to mitigate the vulnerabilities by setting the security headers for any web application. The SHIM tool will be officially released at AppSec USA.
Speakers
Aaron Cure
Senior Security Consultant, Cypress Data Defense, LLC
Aaron is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant.
Eric Johnson
Senior Security Consultant, Cypress Data Defense, LLC
Eric is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the SANS DEV544 Secure Coding in .NET course. He previously spent six years performing web application security assessments for a large financial institution, and another four years focusing on ASP.NET web development.
Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...
This video was added by OWASP Foundation on 25 September 2014.