BSidesSF 2019 has ended
Monday, March 4 • 2:10pm - 2:40pm
HTTP Security Headers: A Technology History Through Scar Tissue

Security headers are a history of digital scar tissue. Each one is there because we discovered something terrible on the internet but couldn't shut it off without breaking things. They allow you to tap into a wealth of security controls built into modern browsers, but most are simply off by default. We'll start with a quick, high-level overview of most of the major security headers and what best practice is for setting them.

We'll finish with a deep dive into the content-security-policy header, both the most complex and most powerful security header. I'll show how at my company we got the best security outcomes by enabling developers—the people who best know the content that should be running in our apps—to tailor the CSP header themselves, giving us more fine-grained control than a traditional security- or operations-driven policy.

Speakers
Benjamin Hering

Senior Security Engineer, ASAPP
Benjamin works in and teaches security. His career focused on leveraging technology to improve organizations and people in both the for-profit and non-profit spheres, making technology meet people where they are rather than the other way around.



Monday March 4, 2019 2:10pm - 2:40pm
City View