Deploying and Managing CSP: the Browser-side Firewall
Data exfiltration attacks like Magecart have targeted a low-hanging fruit in the industry and have allowed attackers to steal millions of user’s credit card data. Existing security systems fail to prevent or even detect these attacks and this is a major blind-spot in the security monitoring systems. Content Security Policy is a standard supported in most modern browsers and can be harnessed to help increase protection against Magecart type attacks. This talk will explain how engineers in charge of infrastructure and servers can put this security measure in place and manage it effectively.
- Introduction to client-side Data Exfiltration attacks
- Introduction to Content-Security Policy
- Content Security Policy to prevent Data Exfiltration attacks
○ What is possible
○ What are the limitations
- How to design and deploy CSP to detect/prevent Data Exfiltration attacks
- How to monitor policy violations and alerts
Lavakumar Kuppan is the founder of Ironwasp Security. He is a security researcher and a product developer. He is currently developing products that automatically perform vulnerability detection and attack monitoring for the DOM.