Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Can Christoph do 40 slides in 5 minutes?
ABOUT ME
Christoph Rumpel, Web Developer (PHP / Laravel, Chatbots, Talks), @christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extensions, CSRF, Nonces, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
FAMOUS LEAKS: Adobe, Playstation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE: Content-Security-Policy: img-src *; script-src 'self';
POLICIES: img-src *; script-src 'self';
DIRECTIVES: img-src, script-src
LOCATIONS: *, 'self'
TRANSLATED: img-src * means images are allowed to be loaded from any resource.
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only.
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
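The header syntax above, worked through with a small Python evaluator added here (example code, not from the talk or any project it names): it parses a policy value into directives and source lists and decides whether a given load is allowed, handling `*`, `'self'`, `'none'`, plain hosts and `*.example.com` wildcards. It assumes host sources are bare host names as on the slides and simplifies scheme and port matching.

```python
from urllib.parse import urlparse

# Constructed policy, copied from the slides: images from anywhere,
# scripts only from the page's own origin.
EXAMPLE_POLICY = "img-src *; script-src 'self';"

# Fetch directives fall back to default-src when absent; form-action does not.
FETCH_DIRECTIVES = {"img-src", "script-src", "style-src", "font-src", "media-src"}


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def _host_matches(pattern, host):
    """Match a host source: '*', '*.example.com' or an exact host (assumption: no scheme/port)."""
    pattern = pattern.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # *.example.com covers sub.example.com but not example.com itself
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def allows(header, directive, page_origin, resource_url):
    """True if the policy lets `directive` load `resource_url` on a page at `page_origin`."""
    policy = parse_csp(header)
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")
    if sources is None:
        return True  # the policy says nothing about this kind of resource
    page, res = urlparse(page_origin), urlparse(resource_url)
    for source in sources:
        if source == "'none'":
            return False
        if source == "'self'":
            if (res.scheme, res.netloc) == (page.scheme, page.netloc):
                return True
        elif _host_matches(source, res.hostname or ""):
            return True
    return False
```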
CSP christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot: policies)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES: Content Security Policy 101; Laravel Response Caching And CSP; CSP, Hash-Algorithm, and Turbolinks; Quick CSP Reference Guide; MDN web docs; CSP Level 2 W3C Recommendation; CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN