Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy in your Rails apps in 30s

Jean-Baptiste Aviat
July 05, 2016
Programming
0
210

Content Security Policy in your Rails apps in 30s

Content Security Policy (CSP) is an HTTP header that instructs the browser to limit loading of external assets, such as scripts, styles or media to specific sources. It is intended to prevent wide categories of attacks, such as cross-site scripting (XSS), click-jacking and other code injection. This feature is powerful because it prevents many common attacks that target your users’ browsers.
We explain why Content Security Policy is complex to use and how Sqreen provides a powerful feature to easily add it to your applications.

Jean-Baptiste Aviat

July 05, 2016
Tweet

More Decks by Jean-Baptiste Aviat

See All by Jean-Baptiste Aviat
Writing a Python C extension in 2018
aviat
1
890
App Security is just a Git flow (with built-in conflicts)
aviat
0
980
Tune your App Perf (and get fit for summer)
aviat
2
390

Other Decks in Programming

See All in Programming
良い開発生産性を目指せば採用もうまくいく
rinchsan
1
380
Unexplored Region - parse.y -
yui_knk
2
1.3k
Swagger Codegenで楽にSwiftのModelを生成する / Easily generate Swift Models with Swagger Codegen
naokimrmt
0
140
Firebase A/B TestingとRemote Config
を最大限に活用する方法
mukky620
1
370
Architecting For Scale
squer
0
210
From complexity to observability using OpenTelemetry
danilop
1
340
実践 AWS CDK 〜 いろいろな参照のカタチと使い分け 〜
konokenj
12
2k
NewCrafts: Let's Do a Thing and Call it Foo
maaretp
0
120
Let's write RBS!
pocke
0
1.8k
Implementing "++" operator, stepping into parse.y
coe401_
3
6.1k
シン・リッチエディタ徹底解説
microcms
1
530
「無ければ作る」Backlogに欲しい機能を自分で作った話
nsuz
0
190

Featured

See All Featured
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
13
1.4k
We Have a Design System, Now What?
morganepeng
38
6.2k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
BBQ
matthewcrist
75
8.2k
Designing for Performance
lara
601
65k
Typedesign – Prime Four
hannesfritz
34
1.6k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
176
9.4k
ParisWeb 2013: Learning to Love: Crash Course in Emotional UX Design
dotmariusz
101
6.3k
Side Projects
sachag
450
39k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.5k
RailsConf 2023
tenderlove
0
110
The Language of Interfaces
destraynor
149
21k

Transcript

  1. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    in your Rails apps in 30s

    View Slide

  2. © Sqreen
    sqreen.io
    Content Security Policy
    TL;DR

    View Slide

  3. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    is ready to be used today

    View Slide

  4. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Content Security Policy
    v2 is progressively supported

    View Slide

  5. © Sqreen
    sqreen.io
    Content Security Policy
    Failure?
    complex
    error prone
    can break anything
    between dev and prod

    View Slide

  6. © Sqreen
    sqreen.io
    <0.9% of websites using it
    Fail?

    View Slide

  7. © Sqreen
    sqreen.io
    Yet, Content Security Policy
    is an awesome protection...
    XSS
    click-jacking
    code injection
    Rogue
    extensions

    View Slide

  8. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Sqreen helps you set up and maintain
    your Content Security Policy

    View Slide

  9. © Sqreen
    sqreen.io
    Sqreen updates your Content
    Security Policy in 1-click

    View Slide

  10. Confidential & proprietary © Sqreen, 2015
    sqreen.io
    Let's protect your
    Rails apps

    View Slide