Black Hat is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Beyond Blind Defense: Gaining Insights from Proactive AppSec

View Recording

Thursday, September 22, 2016
11:00 HRS PT/14:00 HRS ET
60 minutes, including Q&A

Brought to you by:

Beyond Blind Defense: Gaining Insights from Proactive AppSec by Bryant Zadegan
Beyond Blind Defense: Gaining Insights from Proactive AppSec by Rami Essaid

As application security continues to evolve, defenders gain more effective and varied tools to aid in strengthening application security. Two such tools, the Content Security Policy (CSP) and HTTP Public Key Pinning (HPKP) browser-side web standards, not only act as added layers of defense but also give insight into common failure cases and classes of attacks, such as Cross-Site Scripting and Man In The Middle attacks. We'll briefly discuss the benefits of CSP and HPKP, focus more deeply on how Reporting works with both of these standards, what insights can be gained through CSP and HPKP Reporting, as well as special considerations for those considering implementation of both of these standards in either monitoring or blocking modes.


Bryant ZadeganBryant Zadegan

Bryant Zadegan directs the Application Security practice at The Advisory Board Company, a member-focused healthcare and education firm. When not driving developers to embrace AppSec in continuous integration, Bryant either mentors filmmakers and startups at the Mach37 cybersecurity accelerator, or he punches holes in products from Amazon, Google, and Reddit. On days when he'd rather not touch computers, he's usually nowhere to be found near his hometown of DC. Find him at @eganist on Twitter or at

Sponsor Presenter:

Rami EssaidRami Essaid

Rami Essaid is the CEO and Co-founder of Distil Networks, the first easy and accurate way to identify and police malicious website traffic, blocking 99.9% of bad bots without impacting legitimate users. With over 14 years in telecommunications, network security, and cloud infrastructure management, Rami continues to advise enterprise companies around the world, helping them embrace the cloud to improve their scalability and reliability while maintaining a high level of security. Follow Rami at @RamiEssaid





Sign up to receive information about upcoming Black Hat events including Briefings, Trainings, speakers, and important event updates.


Sustaining Partners