As application security continues to evolve, defenders gain more effective and varied tools for strengthening it. Two such tools, the browser-side web standards Content Security Policy (CSP) and HTTP Public Key Pinning (HPKP), not only act as added layers of defense but also give insight into common failure cases and classes of attacks, such as cross-site scripting and man-in-the-middle attacks.
Watch as they briefly discuss the benefits of CSP and HPKP, then focus more deeply on how reporting works with both of these standards, what insights can be gained through CSP and HPKP reporting, and special considerations for those planning to implement both standards in either monitoring or blocking mode.