Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101: Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL: Web Developer, PHP / Laravel, Chatbots, Talks. @christophrumpel, christoph-rumpel.com
SECURITY IS HARD
SSL, Input Handling, Updates, Packages, Extension, CSRF, NONCES, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
FAMOUS LEAKS: Adobe, PlayStation Network, Cloudflare
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
EXAMPLE (policies): Content-Security-Policy: img-src *; script-src 'self';
DIRECTIVES: img-src *; script-src 'self'; (img-src and script-src are the directives)
LOCATIONS: img-src *; script-src 'self'; (* and 'self' are the locations)
TRANSLATED: img-src * means images are allowed to be loaded from any resource.
TRANSLATED: script-src 'self' means scripts are allowed to be loaded from the current site's origin only.
DIRECTIVES: img-src, script-src
DIRECTIVES: img-src, script-src, style-src, font-src, media-src, form-action, ...
LOCATIONS: *, 'self'
LOCATIONS: *, 'self', domain.example.com, *.example.com, 'none', ...
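To make the directive/location split concrete, here is an added Python example (not code from the deck) that parses a header value such as the slide's img-src *; script-src 'self' and decides whether a given URL may be loaded for a given directive. It models only the locations the slides list (*, 'self', 'none', a host, *.host) plus the default-src fallback; the page origin https://christoph-rumpel.com and the sample URLs are constructed for the demo.

```python
from urllib.parse import urlsplit

def parse_policy(header: str) -> dict[str, list[str]]:
    """Turn "img-src *; script-src 'self'" into {directive: [sources]}."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy

def source_matches(source: str, url: str, page_origin: str) -> bool:
    """Check one source expression from the slide's LOCATIONS list against url."""
    target, page = urlsplit(url), urlsplit(page_origin)
    host = target.hostname or ""
    if source == "*":
        return True          # any host; scheme sources (data:, blob:) are not modelled here
    if source == "'none'":
        return False         # nothing may be loaded for this directive
    if source == "'self'":   # same scheme, host and port as the page itself
        return (target.scheme, host, target.port) == (page.scheme, page.hostname, page.port)
    if source.startswith("'"):
        return False         # other keywords ('unsafe-inline', nonces, hashes) are out of scope
    source = source.lower()
    if source.startswith("*."):  # *.example.com matches a.example.com but not example.com
        return host.endswith(source[1:])
    return host == source    # exact host such as domain.example.com

def is_allowed(header: str, directive: str, url: str, page_origin: str) -> bool:
    """True if the policy lets the browser fetch url under the given directive."""
    policy = parse_policy(header)
    sources = policy.get(directive)
    if sources is None:      # fetch directives fall back to default-src when absent
        sources = policy.get("default-src")
    if sources is None:
        return True          # no directive governs this type: no restriction applied
    return any(source_matches(s, url, page_origin) for s in sources)

if __name__ == "__main__":
    policy = "img-src *; script-src 'self'"      # the talk's example header value
    origin = "https://christoph-rumpel.com"       # constructed page origin for the demo
    print(is_allowed(policy, "img-src", "https://images.example.org/logo.png", origin))  # True
    print(is_allowed(policy, "script-src", "https://cdn.example.org/app.js", origin))    # False
```

Note that a directive with no entry and no default-src imposes no restriction, which is why real deployments usually start with default-src 'none' or 'self' and then open up per directive.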
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION: Apache
SERVER CONFIGURATION: Nginx
LARAVEL MIDDLEWARE
PLUGINS: WP Content Security Policy Plugin (screenshot of its policies settings)
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES:
Content Security Policy 101
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs
CSP Level 2 W3C Recommendation
CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN