Check the online version, I often update my slides.

Talk detail

They say “there's an app for that”. But there's also a framework for that! Let's say you have a JavaScript and you want to run it in unsuspecting user's browser (read Cross-Site Scripting). BeEF, The Browser Exploitation Framework, can make it a piece of cake. Content Security Policy, the archenemy of Cross-Site Scripting, leveled up, so let's go through what's new in CSP 3.

Content Security Policy demo pages:

Date and event

May 30, 2017, OWASP Czech Chapter Meeting (talk duration 60 minutes)

Michal Špaček

Michal Špaček

I build web applications and I'm into web application security. I like to speak about secure development. My mission is to teach web developers how to build secure and fast web applications and why.

Public trainings

Come to my public trainings, everybody's welcome:

PHP application security
(June 25–26, 2019 Praha)

HTTPS for developers and admins
(June 2019 Praha)