Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Can Christoph do 40 slides in 5 minutes?
ABOUT ME
Christoph Rumpel: Web Developer, PHP / Laravel, Chatbots, Talks
@christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extension, CSRF, Nonces, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks

FAMOUS LEAKS
Adobe, Playstation Network, Cloudflare

How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.

    Content-Security-Policy: policies

EXAMPLE
    Content-Security-Policy: img-src *; script-src 'self';

POLICIES:   img-src *; script-src 'self';
DIRECTIVES: img-src, script-src
LOCATIONS:  *, 'self'

TRANSLATED
img-src *          Images are allowed to be loaded from any resource
script-src 'self'  Scripts are allowed to be loaded from the current site's origin only

DIRECTIVES
img-src, script-src, style-src, font-src, media-src, form-action ...

LOCATIONS
*, 'self', domain.example.com, *.example.com, 'none' ...
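The directive/location model above, as an added example that is not part of the talk: a small Python evaluator that parses a Content-Security-Policy header and decides whether a resource may be loaded under a given directive. It assumes only the source forms shown on the slides ('self', 'none', *, a host, and a *.host wildcard); scheme-only sources, hashes and nonces are not handled.

```python
from urllib.parse import urlsplit

# Fetch directives that fall back to default-src when absent (subset named on the slides).
FETCH_DIRECTIVES = {"img-src", "script-src", "style-src", "font-src", "media-src"}


def parse_policy(header):
    """Split "img-src *; script-src 'self'" into {directive: [source, ...]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _host_matches(pattern, host):
    """Host-source match: exact host, or *.example.com for subdomains only."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:]) and host != pattern[2:]
    return host == pattern


def _origin(url):
    """(scheme, host, port) with default ports filled in, for the 'self' check."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, (u.hostname or "").lower(), port)


def is_allowed(policy, directive, resource_url, page_origin):
    """True if resource_url may be loaded under directive for a page at page_origin."""
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")   # browsers fall back to default-src
    if sources is None:
        return True                           # this policy does not restrict the directive
    if sources == ["'none'"]:
        return False
    res = _origin(resource_url)
    for src in sources:
        if src == "*" and res[0] in ("http", "https", "ws", "wss"):
            return True                       # * matches network schemes only, not data:/blob:
        if src == "'self'" and res == _origin(page_origin):
            return True
        if not src.startswith("'") and _host_matches(src, res[1]):
            return True
    return False
```

Note that a directive the policy never mentions stays unrestricted unless default-src is set, which is why real policies usually start with a default-src.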
CSP: christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION: Apache
SERVER CONFIGURATION: Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of its policies)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES
Content Security Policy 101
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs
CSP Level 2 W3C Recommendation
CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN