Scanning a web application for vulnerabilities and ensuring it is secure is certainly a good thing to do. Though there are other things you can leverage to improve the security posture of your web applications, such as Content Security Policy (CSP).
Watch our security researcher Sven Morgenroth deliver a presentation and demo about CSP during episode #536 of Paul’s Security Weekly. During the podcast Sven;
- Explains what is CSP,
- Explains some CSP directives and how to use them,
- Shows some of the most common mistakes one can make when configuring CSP,
- Explains how CSP helps in preventing Cross-site Scripting vulnerabilities on your web applications.
During the podcast, Sven also makes a demo and shows the effect Content Security Policy directives have when used to protect a web application and also highlights some best practices. Sven also shows how you can use the Netsparker web application security scanner to ensure your Content Security Policy is airtight, or better, hacker tight!
Slides for Content Security Policy Presentation & Demo
Below are the slides Sven used during the presentation and demo of the Content Security Policy.
This is a Security Bloggers Network syndicated blog post. Read the original at: Netsparker, Web Application Security Scanner 2017-12-05.