Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy 101 - Lightning Talk

Avatar for Christoph Rumpel Christoph Rumpel
April 24, 2018
Technology
1
120

Content Security Policy 101 - Lightning Talk

This is a 5min talk version of Content Security Policy 101 talk.

Avatar for Christoph Rumpel

Christoph Rumpel

April 24, 2018
Tweet

More Decks by Christoph Rumpel

See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
Avatar for Christoph Rumpel christophrumpel
0
92
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
Avatar for Christoph Rumpel christophrumpel
0
160
Why Refactoring Is The Best Tool To Write Better Code
Avatar for Christoph Rumpel christophrumpel
0
560
Debugging with PhpStorm & XDebug
Avatar for Christoph Rumpel christophrumpel
0
250
The final Laravel Service Container talk (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
780
NomadPHP - The Laravel Core - Demystify The Beast
Avatar for Christoph Rumpel christophrumpel
0
150
Laravel Factories Reloaded (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
310
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
Avatar for Christoph Rumpel christophrumpel
0
250
The Laravel Core - Demystify The Beast (New York)
Avatar for Christoph Rumpel christophrumpel
0
220

Other Decks in Technology

See All in Technology
Amazon Connect アップデート! AIエージェントにMCPツールを設定してみた!
Avatar for Yosuke Suzuki ysuzuki
0
140
Bedrock AgentCore Memoryの新機能 (Episode) を試してみた / try Bedrock AgentCore Memory Episodic functionarity
Avatar for hoshi7_n hoshi7_n
2
1.9k
[Neurogica] 採用ポジション/ Recruitment Position
Avatar for Neurogica neurogica
1
130
Snowflake導入から1年、LayerXのデータ活用の現在 / One Year into Snowflake: How LayerX Uses Data Today
Avatar for Civitaspo civitaspo
0
2.5k
_第4回__AIxIoTビジネス共創ラボ紹介資料_20251203.pdf
Avatar for AIxIoTビジネス共創ラボ iotcomjpadmin
0
140
New Relic 1 年生の振り返りと Cloud Cost Intelligence について #NRUG
Avatar for PLAY, inc. play_inc
0
240
MariaDB Connector/C のcaching_sha2_passwordプラグインの仕様について
Avatar for kubo ayumu boro1234
0
1k
障害対応訓練、その前に
Avatar for coconala_engineer coconala_engineer
0
200
日本の AI 開発と世界の潮流 / GenAI Development in Japan
Avatar for Yoshitaka Haribara hariby
1
500
AI駆動開発の実践とその未来
Avatar for Ikko Eltociear Ashimine eltociear
2
500
投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)
Avatar for tomo gamella
0
460
2025年のデザインシステムとAI 活用を振り返る
Avatar for Tech Leverages leveragestech
0
330

Featured

See All Featured
JAMstack: Web Apps at Ludicrous Speed - All Things Open 2022
Avatar for David Neal reverentgeek
1
300
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
GitHub's CSS Performance
Avatar for Jon Rohan jonrohan
1032
470k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
200
The Art of Delivering Value - GDevCon NA Keynote
Avatar for David Neal reverentgeek
16
1.8k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
Introduction to Domain-Driven Design and Collaborative software design
Avatar for Kenny Baas-Schwegler baasie
1
520
For a Future-Friendly Web
Avatar for Brad Frost brad_frost
180
10k
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
How to Grow Your eCommerce with AI & Automation
Avatar for Katarina Dahlin katarinadahlin
PRO
0
78
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
1
1.5k
Evolving SEO for Evolving Search Engines
Avatar for Ryan Jones ryanjones
0
77

Transcript

  1. Hello webclerks :)

  2. Content Security Policy 101

  3. Content Security Policy 101 Can Christoph do 40 slides in

    5 minutes?

  4. ABOUT ME

  5. CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel

    christoph-rumpel.com

  6. SECURITY IS HARD

  7. SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing

    Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks

  8. Adobe Playstation Network Cloudflare FAMOUS LEAKS

  9. How can we protect our sites when even big companies

    can't?

  10. Step by step

  11. CONTENT SECURITY POLICY

  12. CSP lets you define trusted resources.

  13. Content-Security-Policy: policies

  14. Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE

  15. img-src *; script-src 'self'; DIRECTIVES

  16. img-src *; script-src 'self'; LOCATIONS

  17. img-src *; script-src 'self'; TRANSLATED Images are allowed to be

    loaded from any resource

  18. img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be

    loaded from the current site's origin only

  19. img-src script-src DIRECTIVES

  20. img-src script-src style-src font-src media-src form-action ...

  21. * 'self' LOCATIONS

  22. * 'self' domain.example.com *.example.com 'none' ...

  23. CSP christoph-rumpel.com

  24. BROWSER SUPPORT

  25. BROWSER SUPPORT

  26. INTEGRATIONS

  27. SERVER CONFIGURATION Apache

  28. SERVER CONFIGURATION Nginx

  29. LARAVEL MIDDLEWARE

  30. WP Content Security Policy Plugin - Screenshot Policies PLUGINS

  31. MUCH MORE

  32. HASHES AND NONCES

  33. REPORTING

  34. Content Security Policy 101 Laravel Response Caching And CSP CSP,

    Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES

  35. THANKS

  36. QUESTIONS?

  37. THANKS AGAIN