I have written a few articles about 'Browser Security Headers' in recent months; I partly wrote them to encourage myself to read more on the subject, but I hope that someone starting off on the subject will find them useful.
Rather than write another quick post on the subject, I have decided to reference a new training video that Troy Hunt and Scott Helme have recently published on Pluralsight. For those who have not heard of Pluralsight before, it is the largest (and in my opinion the best) online training resource for those looking to learn more about technical subjects, ranging from deep-dive software programming videos to more "fluffy" subjects like project management and team building (there is even a video on "How to manage a developer", which I found rather entertaining). Pluralsight offer a free trial which is long enough for you to watch a few videos and decide if you feel they are worth paying for (or asking your boss to pay for, as I have done).
The great thing about Troy and Scott's new video is the format it is presented in; the two easy-talking experts are not just talking at the screen with a slide show, they are discussing the subject with each other in what Pluralsight call a "play by play". The format allows for a technical discussion as if you were sat around your desks at work (or even in the pub). They have taken an important technical subject (Browser Security Headers) and made it easy to consume and understand without too much jargon or presumed knowledge.
The course contains short modules (no more than ten or so minutes) on each of the main browser security headers:
- The importance of Browser Security Reporting
- Content Security Policies (CSP) Reporting
- HTTP Public Key Pinning (HPKP) Reporting
- Certificate Authority Authorisation (CAA) Reporting
- Certificate Transparency (CT) Reporting
- Cross Site Scripting (XSS) Reporting
I have just finished watching the video myself; the beauty of the Play by Play style of courses (two experts talking face to face) is that you can easily watch them whilst working. I watched this course whilst working on the bug backlog for my most recent project! I strongly recommend that any web developer or person looking to move into IT Security take a look at this video (sign up for the free trial if you don't already have a Pluralsight account).
You can find the summary of the 'Modern Browser Security Reporting' course on Pluralsight, and read more about it on Troy's blog. And just for giggles you can see how many courses I have watched on my 'Certificates, Courses, and the such' page (yes I am that sad).