CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy

Presenter: Russell Schreyer | Wednesday, January 25th, 2017 from 7:00pm - 8:00pm St. Boniface Library: 131 Provencher Blvd, 2nd Floor (Salle Marie Lynne Bernard), Winnipeg, MB R2H 0G2

A team at Google performed a large scale analysis of real-world deployments of the Content Security Policy and found that roughly 95% of all distinct policies could be bypassed. This paper discusses how they did it, and how to improve the situation.

Russell Schreyer is an IT Security enthusiast and professional. Russ has achieved a Network Security Diploma, Information Assurance & Security Certificate, Management Certificate, and a Diploma in Business Administration. He has worked for such companies as Octopi Managed Services Inc., Above Security (Seccuris), and recently Tangent Animation (from Frantic Films). Russ has been privileged with having done and assisted in many interesting projects such as setting up cell phone detection units, geo-IP filters, CryptoWall recovery, and client assessments. He enjoys being current on IT trends; being a member of SkullSpace (IT community) and DC204 (InfoSec community).

The video for this event has not yet been released.