Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy in your Rails apps in 30s

Content Security Policy in your Rails apps in 30s

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit loading of external assets, such as scripts, styles or media to specific sources. It is intended to prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection. This feature is powerful because it prevents many common attacks that target your users’ browsers.
We explain why Content Security Policy is complex to use and how Sqreen provides a powerful feature to easily add it to your applications.

Jean-Baptiste Aviat

July 05, 2016
Tweet

More Decks by Jean-Baptiste Aviat

Other Decks in Programming

Transcript

  1. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    in your Rails apps in 30s

    View Slide

  2. © Sqreen
    sqreen.io
    Content Security Policy
    TL;DR

    View Slide

  3. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    is ready to be used today

    View Slide

  4. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    v2 is progressively supported

    View Slide

  5. © Sqreen
    sqreen.io
    Content Security Policy
    Failure?
    complex
    error prone
    can break anything
    between dev and prod

    View Slide

  6. © Sqreen
    sqreen.io
    <0.9% of websites using it
    Fail?

    View Slide

  7. © Sqreen
    sqreen.io
    Yet, Content Security Policy
    is an awesome protection...
    XSS
    click-jacking
    code injection
    Rogue
    extensions

    View Slide

  8. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Sqreen helps you set up and maintain
    your Content Security Policy

    View Slide

  9. © Sqreen
    sqreen.io
    Sqreen updates your Content
    Security Policy in 1-click

    View Slide

  10. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Let's protect your
    Rails apps

    View Slide