Content Security Policy - The application security Swiss Army Knife

CSP is an incredibly simple yet amazingly powerful security feature that is widely supported by browsers. It can mitigate XSS attacks, stop click-jacking attacks, neutralise mixed-content, kill ad-injectors and even help you migrate from HTTP to HTTPS to name just a few uses! In this talk I'm going to look at some of the headline features of CSP with demonstrations of attack prevention and some of the lesser known uses too. Everyone should be deploying CSP, are you?