Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
110
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
66
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
130
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
540
Debugging with PhpStorm & XDebug
christophrumpel
0
220
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
760
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
130
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
290
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
240
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
200
Other Decks in Technology
See All in Technology
ビジネス職が分析も担う事業部制組織でのデータ活用の仕組みづくり / Enabling Data Analytics in Business-Led Divisional Organizations
zaimy
1
390
マルチプロダクト環境におけるSREの役割 / SRE NEXT 2025 lunch session
sugamasao
1
730
AI エージェントと考え直すデータ基盤
na0
20
7.9k
CDK Vibe Coding Fes
tomoki10
1
630
振り返りTransit Gateway ~VPCをいい感じでつなげるために~
masakiokuda
3
210
All About Sansan – for New Global Engineers
sansan33
PRO
1
1.2k
サービスを止めるな! DDoS攻撃へのスマートな備えと最前線の事例
coconala_engineer
1
180
セキュアなAI活用のためのLiteLLMの可能性
tk3fftk
1
330
cdk initで生成されるあのファイル達は何なのか/cdk-init-generated-files
tomoki10
1
670
ソフトウェアQAがハードウェアの人になったの
mineo_matsuya
3
200
Introduction to Sansan, inc / Sansan Global Development Center, Inc.
sansan33
PRO
0
2.7k
本当にわかりやすいAIエージェント入門
segavvy
1
400
Featured
See All Featured
Building Flexible Design Systems
yeseniaperezcruz
328
39k
It's Worth the Effort
3n
185
28k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
How to train your dragon (web standard)
notwaldorf
96
6.1k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
45
7.5k
Building Applications with DynamoDB
mza
95
6.5k
What's in a price? How to price your products and services
michaelherold
246
12k
Faster Mobile Websites
deanohume
308
31k
Fireside Chat
paigeccino
37
3.5k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.3k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
282
13k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN