Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy 101 - Lightning Talk

Avatar for Christoph Rumpel Christoph Rumpel
April 24, 2018
Technology
120
1

Content Security Policy 101 - Lightning Talk

This is a 5min talk version of Content Security Policy 101 talk.

Avatar for Christoph Rumpel

Christoph Rumpel

April 24, 2018

More Decks by Christoph Rumpel

See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
Avatar for Christoph Rumpel christophrumpel
0
120
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
Avatar for Christoph Rumpel christophrumpel
0
190
Why Refactoring Is The Best Tool To Write Better Code
Avatar for Christoph Rumpel christophrumpel
0
590
Debugging with PhpStorm & XDebug
Avatar for Christoph Rumpel christophrumpel
0
280
The final Laravel Service Container talk (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
800
NomadPHP - The Laravel Core - Demystify The Beast
Avatar for Christoph Rumpel christophrumpel
0
170
Laravel Factories Reloaded (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
330
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
Avatar for Christoph Rumpel christophrumpel
0
270
The Laravel Core - Demystify The Beast (New York)
Avatar for Christoph Rumpel christophrumpel
0
240

Other Decks in Technology

See All in Technology
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.6k
2026年、知っておくべき最新 サーバレスTips10選/serverless-10-tips
Avatar for Serverless Operations slsops
13
5.2k
社内エンジニア勉強会の醍醐味と苦しみ/tamadev
Avatar for Ichiro Nishiuma nishiuma
0
210
サイボウズ 開発本部採用ピッチ / Cybozu Engineer Recruit
Avatar for Cybozu cybozuinsideout
PRO
10
78k
コードや知識を組み込む / Incorporate Code and Knowledge
Avatar for Kenji Saito ks91
PRO
0
150
マルチプロダクトの信頼性を効率良く保っていくために
Avatar for KNOWLEDGE WORK / 株式会社ナレッジワーク kworkdev
PRO
0
160
M5Stack CoreS3とZephyr(RTOS)で Edge AIっぽいことしてみた
Avatar for misoji engineer iotengineer22
0
220
AWS DevOps Agentはチームメイトになれるのか?/ Can AWS DevOps Agent become a teammate
Avatar for Masanori Yamaguchi kinunori
6
740
AI와 협업하는 조직으로의 여정
Avatar for Arawn Park arawn
0
450
自分のハンドルは自分で握れ! ― 自分のケイパビリティを増やし、メンバーのケイパビリティ獲得を支援する ― / Take the wheel yourself
Avatar for TAKAKING22 takaking22
1
910
実践ハーネスエンジニアリング:TAKTで実現するAIエージェント制御 / Practical Harness Engineering: AI Agent Control Enabled by TAKT
Avatar for nrs nrslib
11
4.6k
Standards et agents IA : un tour d’horizon de MCP, A2A, ADK et plus encore
Avatar for Guillaume Laforge glaforge
0
170

Featured

See All Featured
Agile that works and the tools we love
Avatar for Rasmus Luckow-Nielsen rasmusluckow
331
21k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
45
9k
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
730
Performance Is Good for Brains [We Love Speed 2024]
Avatar for Tammy Everts tammyeverts
12
1.6k
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
Avatar for Akihiro Kokubo akihiro_kokubo
PRO
69
39k
30 Presentation Tips
Avatar for Ian Lurie portentint
PRO
1
270
Navigating Weather and Climate Data
Avatar for Ryan Abernathey rabernat
0
170
Navigating Team Friction
Avatar for Lara Hogan lara
192
16k
WENDY [Excerpt]
Avatar for Tessa Abrams tessaabrams
10
37k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
1
110
Done Done
Avatar for chrislema chrislema
186
16k
Between Models and Reality
Avatar for mayunak mayunak
3
270

Transcript

  1. Hello webclerks :)

  2. Content Security Policy 101

  3. Content Security Policy 101 Can Christoph do 40 slides in

    5 minutes?

  4. ABOUT ME

  5. CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel

    christoph-rumpel.com

  6. SECURITY IS HARD

  7. SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing

    Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks

  8. Adobe Playstation Network Cloudflare FAMOUS LEAKS

  9. How can we protect our sites when even big companies

    can't?

  10. Step by step

  11. CONTENT SECURITY POLICY

  12. CSP lets you define trusted resources.

  13. Content-Security-Policy: policies

  14. Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE

  15. img-src *; script-src 'self'; DIRECTIVES

  16. img-src *; script-src 'self'; LOCATIONS

  17. img-src *; script-src 'self'; TRANSLATED Images are allowed to be

    loaded from any resource

  18. img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be

    loaded from the current site's origin only

  19. img-src script-src DIRECTIVES

  20. img-src script-src style-src font-src media-src form-action ...

  21. * 'self' LOCATIONS

  22. * 'self' domain.example.com *.example.com 'none' ...

  23. CSP christoph-rumpel.com

  24. BROWSER SUPPORT

  25. BROWSER SUPPORT

  26. INTEGRATIONS

  27. SERVER CONFIGURATION Apache

  28. SERVER CONFIGURATION Nginx

  29. LARAVEL MIDDLEWARE

  30. WP Content Security Policy Plugin - Screenshot Policies PLUGINS

  31. MUCH MORE

  32. HASHES AND NONCES

  33. REPORTING

  34. Content Security Policy 101 Laravel Response Caching And CSP CSP,

    Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES

  35. THANKS

  36. QUESTIONS?

  37. THANKS AGAIN