Clientside security with the Security Header Injection Module SHIM - OWASP AppSecUSA 2014

Published: 25 September 2014
Channel: OWASP Foundation

Recorded at AppSecUSA 2014 in Denver
http://2014.appsecusa.org/


Thursday, September 18 • 3:00pm - 3:45pm
Client-side security with the Security Header Injection Module (SHIM)

Client-side security headers are useful countermeasures for Man-In-The-Middle, Clickjacking, XSS, MIME-Type sniffing, and Data Caching vulnerabilities. In this talk, we will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options) and the various options available for each header. We will then demonstrate a new open source Security Header Injection Module (SHIM) for ASP.NET (developed by the presenters) that can be configured to mitigate the vulnerabilities by setting the security headers for any web application. The SHIM tool will be officially released at AppSec USA.

Speakers

Aaron Cure
Senior Security Consultant, Cypress Data Defense, LLC
Aaron is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant.

Eric Johnson
Senior Security Consultant, Cypress Data Defense, LLC
Eric is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the SANS DEV544 Secure Coding in .NET course. He previously spent six years performing web application security assessments for a large financial institution, and another four years focusing on ASP.NET web development.



Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...

