Thursday, September 18 • 3:00pm - 3:45pm
Client-side security with the Security Header Injection Module (SHIM)

Client-side security headers are useful countermeasures for Man-In-The-Middle, Clickjacking, XSS, MIME-Type sniffing, and Data Caching vulnerabilities. In this talk, we will review several security headers (e.g. Strict-Transport-Security, X-Frame-Options, X-XSS-Protection, Content-Security-Policy, and X-Content-Type-Options) and the various options available for each header. We will then demonstrate a new open source Security Header Injection Module (SHIM) for ASP.NET (developed by the presenters) that can be configured to mitigate the vulnerabilities by setting the security headers for any web application. The SHIM tool will be officially released at AppSec USA.

Speakers
Aaron Cure

Senior Security Consultant, Cypress Data Defense, LLC
Aaron is a senior security consultant at Cypress Data Defense, and an instructor and contributing author for the CDD Introduction to Internet Security in .NET course. After ten years in the U.S. Army as a Russian Linguist and a Satellite Repair Technician, he worked as a database administrator and programmer on the Iridium project, with subsequent positions as a telecommunications consultant, senior programmer, and security consultant. Other...

Eric Johnson

Senior Security Consultant, Cypress Data Defense, LLC
Eric Johnson is a Senior Security Consultant at Cypress Data Defense and the Application Security Curriculum Product Manager at SANS. Eric is a Certified SANS Instructor and is a course author for DEV544: Secure Coding in .NET, DEV531: Mobile App Security Essentials, and several Securing The Human Developer security awareness modules. His experience includes web and mobile application penetration testing, secure code review, risk assessment...


Thursday September 18, 2014 3:00pm - 3:45pm
Colorado Ballroom G-J [Builders] Denver Marriott City Center