Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy 101 - Lightning Talk

Avatar for Christoph Rumpel Christoph Rumpel
April 24, 2018
Technology
1
110

Content Security Policy 101 - Lightning Talk

This is a 5min talk version of Content Security Policy 101 talk.
Avatar for Christoph Rumpel

Christoph Rumpel

April 24, 2018
Tweet

More Decks by Christoph Rumpel

See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
Avatar for Christoph Rumpel christophrumpel
0
60
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
Avatar for Christoph Rumpel christophrumpel
0
120
Why Refactoring Is The Best Tool To Write Better Code
Avatar for Christoph Rumpel christophrumpel
0
530
Debugging with PhpStorm & XDebug
Avatar for Christoph Rumpel christophrumpel
0
220
The final Laravel Service Container talk (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
750
NomadPHP - The Laravel Core - Demystify The Beast
Avatar for Christoph Rumpel christophrumpel
0
130
Laravel Factories Reloaded (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
280
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
Avatar for Christoph Rumpel christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
Avatar for Christoph Rumpel christophrumpel
0
190

Other Decks in Technology

See All in Technology
AIに実況させる / AI Streamer
Avatar for motemen motemen
3
1.4k
ローカル環境でAIを動かそう!
Avatar for Michael Tedder falken
PRO
1
170
TechBull Membersの開発進捗どうですか!?
Avatar for adachin0817 rvirus0817
0
200
Scale Security Programs with Scorecarding
Avatar for Rami McCarthy ramimac
0
430
MCP Clientを活用するための設計と実装上の工夫
Avatar for Yudai Hayashi yudai00
1
800
mnt_data_とは?ChatGPTコード実行環境を深堀りしてみた
Avatar for Issei.Komori icck
0
210
AIエージェントデザインパターンの選び方
Avatar for Almondoイベント担当 almondo_event
0
150
Introduction to Bill One Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
240
Cursor Meetup Tokyo
Avatar for Shunta Komatsu iamshunta
2
370
AIのための
オンボーディングドキュメントを整備する - hirotea
Avatar for hirotea hirotea
9
2.3k
ソフトウェアは捨てやすく作ろう/Let's make software easy to discard
Avatar for Genki Sano sanogemaru
10
5.8k
実践Kafka Streams 〜イベント駆動型アーキテクチャを添えて〜
Avatar for Tomohiro Hashidate joker1007
0
210

Featured

See All Featured
Bash Introduction
Avatar for André Augusto Costa Santos 62gerente
614
210k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.3k
A designer walks into a library…
Avatar for Paul Jervis Heath pauljervisheath
205
24k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
34
3k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
172
14k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
Avatar for Michelle Schulp Hunt marktimemedia
30
2.4k
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
54
13k
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
28
5.4k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
462
33k
How to train your dragon (web standard)
Avatar for Monica Dinculescu notwaldorf
92
6k
How To Stay Up To Date on Web Technology
Avatar for Chris Coyier chriscoyier
790
250k

Transcript

  1. Hello webclerks :)

  2. Content Security Policy 101

  3. Content Security Policy 101 Can Christoph do 40 slides in

    5 minutes?

  4. ABOUT ME

  5. CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel

    christoph-rumpel.com

  6. SECURITY IS HARD

  7. SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing

    Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks

  8. Adobe Playstation Network Cloudflare FAMOUS LEAKS

  9. How can we protect our sites when even big companies

    can't?

  10. Step by step

  11. CONTENT SECURITY POLICY

  12. CSP lets you define trusted resources.

  13. Content-Security-Policy: policies

  14. Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE

  15. img-src *; script-src 'self'; DIRECTIVES

  16. img-src *; script-src 'self'; LOCATIONS

  17. img-src *; script-src 'self'; TRANSLATED Images are allowed to be

    loaded from any resource

  18. img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be

    loaded from the current site's origin only

  19. img-src script-src DIRECTIVES

  20. img-src script-src style-src font-src media-src form-action ...

  21. * 'self' LOCATIONS

  22. * 'self' domain.example.com *.example.com 'none' ...

  23. CSP christoph-rumpel.com

  24. BROWSER SUPPORT

  25. BROWSER SUPPORT

  26. INTEGRATIONS

  27. SERVER CONFIGURATION Apache

  28. SERVER CONFIGURATION Nginx

  29. LARAVEL MIDDLEWARE

  30. WP Content Security Policy Plugin - Screenshot Policies PLUGINS

  31. MUCH MORE

  32. HASHES AND NONCES

  33. REPORTING

  34. Content Security Policy 101 Laravel Response Caching And CSP CSP,

    Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES

  35. THANKS

  36. QUESTIONS?

  37. THANKS AGAIN