Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy in your Rails apps in 30s

Jean-Baptiste Aviat
July 05, 2016
Programming
0
270

Content Security Policy in your Rails apps in 30s

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit loading of external assets, such as scripts, styles or media to specific sources. It is intended to prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection. This feature is powerful because it prevents many common attacks that target your users’ browsers.
We explain why Content Security Policy is complex to use and how Sqreen provides a powerful feature to easily add it to your applications.

Jean-Baptiste Aviat

July 05, 2016
Tweet

More Decks by Jean-Baptiste Aviat

See All by Jean-Baptiste Aviat
Writing a Python C extension in 2018
aviat
1
1k
App Security is just a Git flow (with built-in conflicts)
aviat
0
1.1k
Tune your App Perf (and get fit for summer)
aviat
2
490

Other Decks in Programming

See All in Programming
みんなでプロポーザルを書いてみた
yuriko1211
0
280
ECS Service Connectのこれまでのアップデートと今後のRoadmapを見てみる
tkikuc
2
260
Nurturing OpenJDK distribution: Eclipse Temurin Success History and plan
ivargrimstad
0
1k
Better Code Design in PHP
afilina
PRO
0
130
型付き API リクエストを実現するいくつかの手法とその選択 / Typed API Request
euxn23
8
2.3k
CSC509 Lecture 11
javiergs
PRO
0
180
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
110
PHP でアセンブリ言語のように書く技術
memory1994
PRO
1
170
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
色々なIaCツールを実際に触って比較してみる
iriikeita
0
330
Jakarta EE meets AI
ivargrimstad
0
720
subpath importsで始めるモック生活
10tera
0
320

Featured

See All Featured
Building Adaptive Systems
keathley
38
2.3k
Fireside Chat
paigeccino
34
3k
Designing on Purpose - Digital PM Summit 2013
jponch
115
7k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
506
140k
[RailsConf 2023] Rails as a piece of cake
palkan
52
4.9k
Gamification - CAS2011
davidbonilla
80
5k
GraphQLの誤解/rethinking-graphql
sonatard
67
10k
Large-scale JavaScript Application Architecture
addyosmani
510
110k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
Unsuck your backbone
ammeep
668
57k
Teambox: Starting and Learning
jrom
133
8.8k

Transcript

  1. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    in your Rails apps in 30s

  2. © Sqreen sqreen.io Content Security Policy TL;DR

  3. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    is ready to be used today

  4. Confidential & proprietary © Sqreen, 2015 sqreen.io Content Security Policy

    v2 is progressively supported

  5. © Sqreen sqreen.io Content Security Policy Failure? complex error prone

    can break anything between dev and prod

  6. © Sqreen sqreen.io <0.9% of websites using it Fail?

  7. © Sqreen sqreen.io Yet, Content Security Policy is an awesome

    protection... XSS click-jacking code injection Rogue extensions

  8. Confidential & proprietary © Sqreen, 2015 sqreen.io Sqreen helps you

    set up and maintain your Content Security Policy

  9. © Sqreen sqreen.io Sqreen updates your Content Security Policy in

    1-click

  10. Confidential & proprietary © Sqreen, 2015 sqreen.io Let's protect your

    Rails apps