Thursday, July 14, 2016

SANS @Night

I presented at an @Night talk this evening at SANS Rocky Mountain 2016; the topic was Implementing Secure HTTP Headers. Thanks to everyone who showed up. As usual, the slides tell only a portion of the story. I did use evilsite.info to demo XFS and show some X-Frame-Options outcomes, as well as X-XSS-Protection in action, which was interesting. Unfortunately, the primary banking site I had been using for clickjacking demonstrations is no longer servicing requests, so I will need to update that at some point. At any rate, the slides are here: Presentation