Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL: Web Developer, PHP / Laravel, Chatbots, Talks, @christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extension, CSRF, Nonces, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
FAMOUS LEAKS: Adobe, Playstation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE
Content-Security-Policy: img-src *; script-src 'self';
POLICIES: img-src *; script-src 'self';
DIRECTIVES: img-src, script-src
LOCATIONS: *, 'self'
TRANSLATED: img-src * means images are allowed to be loaded from any resource
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
CSP christoph-rumpel.com
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES
Content Security Policy 101
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs
CSP Level 2 W3C Recommendation
CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN