About the talk

As the server side of the web gets more secure through secure coding and defensive technologies, attackers are shifting their focus to the low-hanging fruit, which is increasingly the client side. Injecting a few lines of JavaScript into an application’s client-side code can give an attacker access to all of the data and functionality from the backend, and the attack can go undetected. Clear evidence of this is the theft of hundreds of millions of credit card details over the last several years using this approach.

In this talk, the speaker will explain how such attacks work and how you can detect them using a feature built into browsers: Content Security Policy (CSP). CSP implementation often becomes a complex and effort-intensive exercise. Using the lessons learned from implementing CSP for several organisations, Lavakumar Kuppan will share a simple approach to having an imperfect but practical and useful CSP in place.
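The detection stance the abstract describes, as an added example that is not the speaker's code and not any organisation's real policy: a Report-Only CSP whose script-src allow list is assumed for illustration, and a triage routine that picks out the reports that matter most for skimmer detection, script being loaded from an origin that is not on the allow list. The origins, the report endpoint path and the sample reports are all constructed here; nothing is captured from a live site.

```javascript
// Added example, not the speaker's code or any organisation's real policy:
// a report-only CSP with an assumed script-src allow list, plus triage of
// the violation reports browsers post back. Runs offline; the reports
// below are constructed, not captured.

// Assumed allow list of origins that first-party script legitimately loads from.
const TRUSTED_SCRIPT_ORIGINS = [
  "'self'",
  "https://static.example-shop.com",
  "https://js.example-psp.com",
];

// Header name to emit with the value built below.
const REPORT_ONLY_HEADER = "Content-Security-Policy-Report-Only";

// Build a Report-Only policy. Nothing is blocked, so an incomplete allow
// list cannot break the site, but every script the policy would have
// blocked is reported to reportPath (assumed path).
function buildReportOnlyCsp(scriptOrigins, reportPath) {
  return [
    "default-src 'self'",
    `script-src ${scriptOrigins.join(" ")}`,
    "object-src 'none'",
    "base-uri 'self'",
    // report-uri is deprecated in favour of report-to but is still the most
    // widely honoured delivery mechanism; send both in production.
    `report-uri ${reportPath}`,
  ].join("; ");
}

// Reduce one report body to the fields triage needs. Accepts the legacy
// {"csp-report": {...}} envelope (report-uri) and the Reporting API shape
// {"type": "csp-violation", "body": {...}} (report-to).
function normaliseReport(raw) {
  const r = raw["csp-report"] || raw.body || raw;
  return {
    documentUri: r["document-uri"] || r.documentURL || "",
    directive: r["effective-directive"] || r["violated-directive"] || r.effectiveDirective || "",
    blockedUri: r["blocked-uri"] || r.blockedURL || "",
  };
}

// True when the report says script was pulled from an origin not on the
// allow list: the load pattern of injected code fetching its payload.
// Comparison is on exact origins only; wildcard or path-qualified CSP
// sources are not modelled here.
function isUnexpectedScriptLoad(report, scriptOrigins) {
  if (!report.directive.startsWith("script-src")) return false;
  // 'inline' and 'eval' reports are mostly first-party code not yet moved
  // to external files: worth fixing during rollout, but not the signal here.
  if (report.blockedUri === "inline" || report.blockedUri === "eval") return false;
  let blockedOrigin;
  try {
    blockedOrigin = new URL(report.blockedUri).origin;
  } catch {
    return false; // some blocked URIs arrive as a bare scheme; nothing to compare
  }
  let pageOrigin = null;
  try {
    pageOrigin = new URL(report.documentUri).origin;
  } catch {
    // document-uri absent or unparsable: 'self' cannot be resolved
  }
  const allowed = scriptOrigins
    .map((o) => (o === "'self'" ? pageOrigin : o))
    .filter(Boolean);
  return !allowed.includes(blockedOrigin);
}

// Walk a batch of raw reports and return the ones worth an analyst's time.
function triageReports(rawReports, scriptOrigins) {
  return rawReports
    .map(normaliseReport)
    .filter((r) => isUnexpectedScriptLoad(r, scriptOrigins));
}

// Constructed sample batch: one skimmer-like load, one inline-script report,
// one image report, and one Reporting API report for an allowed origin.
const SAMPLE_REPORTS = [
  { "csp-report": { "document-uri": "https://www.example-shop.com/checkout",
      "effective-directive": "script-src-elem",
      "blocked-uri": "https://cdn.evil-example.net/skim.js" } },
  { "csp-report": { "document-uri": "https://www.example-shop.com/checkout",
      "effective-directive": "script-src-elem", "blocked-uri": "inline" } },
  { "csp-report": { "document-uri": "https://www.example-shop.com/checkout",
      "effective-directive": "img-src",
      "blocked-uri": "https://tracker.example.org/pixel.gif" } },
  { type: "csp-violation", url: "https://www.example-shop.com/checkout",
    body: { documentURL: "https://www.example-shop.com/checkout",
      effectiveDirective: "script-src-elem",
      blockedURL: "https://static.example-shop.com/app.js" } },
];

console.log(`${REPORT_ONLY_HEADER}: ${buildReportOnlyCsp(TRUSTED_SCRIPT_ORIGINS, "/csp-report")}`);
console.log(triageReports(SAMPLE_REPORTS, TRUSTED_SCRIPT_ORIGINS));
```

Two practical points the header alone does not convey. Reports are sent by the visitor's browser, so the report endpoint must be reachable from the internet and accept POSTs with content type application/csp-report (report-uri) and application/reports+json (report-to, which additionally needs a Reporting-Endpoints response header naming the endpoint). And Report-Only mode only detects: a skimmer that loads before the policy is tightened still runs, so the allow list should be reviewed against the triaged reports and promoted to an enforcing Content-Security-Policy header once the noise is understood.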

About the speaker

Lavakumar Kuppan is the founder of domdog.io. He has delivered talks on CSP at Rootconf and JSFoo.

Code of Conduct: Hasgeek’s Code of Conduct applies to all participants and speakers.

Contact information: For queries about Rootconf, contact Hasgeek at info@hasgeek.com or call (91)7676332020.

Hosted by

Rootconf is a forum for discussions about DevOps, infrastructure management, IT operations, systems engineering, SRE and security (from an infrastructure defence perspective).

Videos

A practical guide to detecting client-side attacks with CSP

Lavakumar Kuppan, founder at Domdog.io

1 hour, 8 March 2023