Session

HTTP Security Headers You Need To Have On Your Web Apps

If you go check out SecurityHeaders.com, you'll see over half of applications get an F grade when it comes to correctly applying HTTP Security Headers. I've found well over half of developers don't even have a clue what a Security Header is. Yet every single web application out there needs them - even internal web applications. This likely means that many web applications are being exploited right now as you're reading this, due to this misconfiguration.

In this session, we'll explain a handful of HTTP Security Headers (including HSTS, CSP, XFO, and more) from the bottom up. We'll explain what they are, what they do, and how you can implement them to secure your sites. For each of these, we'll demo a before and after so you can see firsthand what each of these security headers does.

By the end of this session, you'll be able to take away practical advice to start securing your web applications immediately when you go back to work.

Scott Sauber

Director of Engineering at Lean TECHniques Inc

Des Moines, Iowa, United States
