Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101: Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
FAMOUS LEAKS: Adobe, Playstation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE: Content-Security-Policy: img-src *; script-src 'self';
POLICIES: img-src *; script-src 'self';
DIRECTIVES: img-src, script-src
LOCATIONS: *, 'self'
TRANSLATED: img-src * means images are allowed to be loaded from any resource
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
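To make the directive/location semantics from the slides concrete, here is an added example (not part of the talk) that evaluates a Content-Security-Policy header the way a browser would decide whether to fetch a resource: it parses the header into directives, then matches the requesting resource's origin against each location (*, 'self', a host, a *.wildcard host, 'none'). It goes slightly beyond the slides by also honouring default-src as the fallback for a missing fetch directive; the page URL and resource URLs below are constructed sample values.

```python
import fnmatch
from urllib.parse import urlsplit

# Resource types as named on the slides, mapped to their CSP fetch directives.
DIRECTIVE_FOR = {"image": "img-src", "script": "script-src", "style": "style-src",
                 "font": "font-src", "media": "media-src"}

# The exact policy used on the slides.
SLIDE_POLICY = "img-src *; script-src 'self';"


def parse_policy(header):
    """Split a Content-Security-Policy value into {directive: [source expressions]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:  # skip the empty piece left by a trailing ';'
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def origin(url):
    """scheme://host[:port], lower-cased, which is what 'self' is compared against."""
    p = urlsplit(url)
    return "{}://{}".format(p.scheme, p.netloc).lower()


def source_matches(source, page_origin, resource_origin):
    """True if one location expression (*, 'self', host, *.host, 'none') permits resource_origin."""
    if source == "'none'":
        return False
    if source == "*":
        return True
    if source == "'self'":
        return resource_origin == page_origin
    host = urlsplit(resource_origin).hostname or ""
    pattern = source.split("://")[-1].lower()   # drop an optional scheme, keep host pattern
    return fnmatch.fnmatchcase(host, pattern)   # '*.example.com' matches any subdomain


def is_allowed(header, resource_type, resource_url, page_url):
    """Decide whether the browser would load resource_url on a page served from page_url."""
    policy = parse_policy(header)
    # A missing fetch directive falls back to default-src; no directive at all means allowed.
    sources = policy.get(DIRECTIVE_FOR[resource_type], policy.get("default-src"))
    if sources is None:
        return True
    return any(source_matches(s, origin(page_url), origin(resource_url)) for s in sources)
```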
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot: Policies)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES: Content Security Policy 101; Laravel Response Caching And CSP; CSP, Hash-Algorithm, and Turbolinks; Quick CSP Reference Guide; MDN web docs; CSP Level 2 W3C Recommendation; CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN