Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Christoph Rumpel
April 24, 2018
Technology
1
120
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
110
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
180
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
580
Debugging with PhpStorm & XDebug
christophrumpel
0
270
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
800
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
170
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
320
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
260
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
240
Other Decks in Technology
See All in Technology
Goのerror型がシンプルであることの恩恵について理解する
yamatai1212
1
240
生成AI活用でQAエンジニアにどのような仕事が生まれるか/Support Required of QA Engineers for Generative AI
goyoki
1
270
「お金で解決」が全てではない!大規模WebアプリのCI高速化 #phperkaigi
stefafafan
3
910
ABEMAのバグバウンティの取り組み
kurochan
1
110
「通るまでRe-run」から卒業!落ちないテストを書く勘所
asumikam
1
190
AI時代の「本当の」ハイブリッドクラウド — エージェントが実現した、あの頃の夢
ebibibi
0
150
銀行の内製開発にて2つのプロダクトを1つのチームでスクラムしてみてる話
koba1210
1
150
Google系サービスで文字起こしから勝手にカレンダーを埋めるエージェントを作った話
risatube
0
190
OCI技術資料 : コンピュート・サービス 概要
ocise
4
54k
楽しく学ぼう!ネットワーク入門
shotashiratori
1
480
スケールアップ企業でQA組織が機能し続けるための組織設計と仕組み〜ボトムアップとトップダウンを両輪としたアプローチ〜
tarappo
1
170
エンジニアリングマネージャーの仕事
yuheinakasaka
0
110
Featured
See All Featured
Noah Learner - AI + Me: how we built a GSC Bulk Export data pipeline
techseoconnect
PRO
0
140
Exploring anti-patterns in Rails
aemeredith
2
290
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
1.9k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
980
Art, The Web, and Tiny UX
lynnandtonic
304
21k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
64
52k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
12
1.1k
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
74
Mind Mapping
helmedeiros
PRO
1
130
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
320
Fantastic passwords and where to find them - at NoRuKo
philnash
52
3.6k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
yamatai1212
goyoki
stefafafan
kurochan
asumikam
ebibibi
koba1210
risatube
ocise
shotashiratori
tarappo
yuheinakasaka
techseoconnect
aemeredith
reverentgeek
joshbly
lynnandtonic
soudai
tammyeverts
akademiya2063
helmedeiros
eileencodes
jct
philnash
