Stop Injected JavaScript with CSP: Defense in Depth That Works
Feedback
Most teams deploy Content-Security-Policy, but many policies still allow unsafe-inline or unsafe-eval and deliver little real protection. This talk is a practical, production-focused walkthrough of moving to nonce-based strict-dynamic CSP that actually helps in the real world.
The core security value is defense in depth: CSP does not replace output encoding and sanitization, but it can stop injected scripts from executing when undiscovered sanitization bugs slip through. In other words, it raises the bar for attackers and turns silent weaknesses into visible signals you can investigate and fix.
Speakers for Stop Injected JavaScript with CSP: Defense in Depth That Works:
Metadata for Stop Injected JavaScript with CSP: Defense in Depth That Works
To be recorded: YesTo be streamed: Yes
URLs for Stop Injected JavaScript with CSP: Defense in Depth That Works
No URLs found.
Schedule for Stop Injected JavaScript with CSP: Defense in Depth That Works
- Thursday, Jul 16th, 2026, 14:00 (CEST) - Thursday, Jul 16th, 2026, 15:00 (CEST) at Speakers Tent