Content Security Policy 101 - Lightning Talk
Christoph Rumpel
April 24, 2018
Technology
This is a 5min talk version of Content Security Policy 101 talk.
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in 5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
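As an added example (not part of the talk's slides and not the speaker's code), the following Python script parses a policy string such as the one on the slide into directives and source locations, then decides whether a given resource load is allowed. It goes slightly beyond the slide in one respect: it also honours default-src as the fallback for a directive that is not set, which is standard CSP behaviour. The page origin christoph-rumpel.com is taken from the slides; all other policies, hosts and URLs are constructed for illustration.

```python
from urllib.parse import urlparse

# Policy taken from the slide; everything else below is constructed sample data.
EXAMPLE_POLICY = "img-src *; script-src 'self'"


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [source list]}.

    Directives are separated by ';', sources inside a directive by whitespace.
    Browsers ignore a repeated directive, so the first occurrence wins here too.
    """
    policy = {}
    for raw in header.split(";"):
        parts = raw.split()
        if not parts:
            continue
        name, sources = parts[0].lower(), parts[1:]
        if name not in policy:
            policy[name] = sources
    return policy


def _host_matches(pattern, host):
    """Host-source matching: exact host, or '*.example.com' for subdomains only."""
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"; the bare apex host is NOT matched
        return host.endswith(suffix) and host != suffix
    return pattern == host


def source_allows(source, url, page_origin):
    """Return True if one source expression permits loading `url` from a page at `page_origin`."""
    src = source.lower()
    target = urlparse(url)
    page = urlparse(page_origin)
    if src == "'none'":
        return False
    if src == "*":
        return True  # simplification: the spec excludes a few schemes (data:, blob:, ...)
    if src == "'self'":
        # Same scheme, host and port as the document itself.
        return (target.scheme, target.hostname, target.port) == (page.scheme, page.hostname, page.port)
    if src.startswith("'"):
        # 'nonce-...' / 'sha256-...' keywords apply to inline content, not URLs.
        return False
    if src.endswith(":"):
        return target.scheme == src[:-1]  # scheme-source such as https:
    scheme, _, hostpart = src.partition("://")
    if hostpart:
        # Host-source with an explicit scheme, e.g. https://*.example.com
        host = hostpart.split("/")[0].split(":")[0]
        return target.scheme == scheme and _host_matches(host, target.hostname or "")
    # Bare host-source such as domain.example.com or *.example.com
    return _host_matches(src, target.hostname or "")


def is_allowed(policy, directive, url, page_origin):
    """Check a load governed by `directive` (e.g. 'script-src') against a parsed policy."""
    sources = policy.get(directive)
    if sources is None:
        sources = policy.get("default-src")  # fallback directive (beyond the slide)
    if sources is None:
        return True  # nothing governs this load type, so the browser applies no restriction
    return any(source_allows(s, url, page_origin) for s in sources)


if __name__ == "__main__":
    policy = parse_csp(EXAMPLE_POLICY)
    origin = "https://christoph-rumpel.com"
    checks = [  # constructed URLs
        ("img-src", "https://cdn.example.net/logo.png"),
        ("script-src", "https://christoph-rumpel.com/app.js"),
        ("script-src", "https://third-party.example/x.js"),
    ]
    for directive, url in checks:
        print(f"{directive:<11} {url:<45} allowed={is_allowed(policy, directive, url, origin)}")
```

Running the script shows the slide's translation in action: the image from any host passes under img-src *, the site's own script passes under 'self', and a script from another host is refused. A policy with default-src 'none' plus a *.example.com script source is also handled, and it refuses the apex host example.com as the spec does.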
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
RESOURCES
Laravel Response Caching And CSP
CSP, Hash-Algorithm, and Turbolinks
Quick CSP Reference Guide
MDN web docs
CSP Level 2 W3C Recommendation
CSP Level 3 Working Draft
THANKS
QUESTIONS?
THANKS AGAIN