Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Content Security Policy 101 - Lightning Talk

Avatar for Christoph Rumpel Christoph Rumpel
April 24, 2018
Technology
1
120

Content Security Policy 101 - Lightning Talk

This is a 5min talk version of Content Security Policy 101 talk.

Avatar for Christoph Rumpel

Christoph Rumpel

April 24, 2018
Tweet

More Decks by Christoph Rumpel

See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
Avatar for Christoph Rumpel christophrumpel
0
92
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
Avatar for Christoph Rumpel christophrumpel
0
160
Why Refactoring Is The Best Tool To Write Better Code
Avatar for Christoph Rumpel christophrumpel
0
570
Debugging with PhpStorm & XDebug
Avatar for Christoph Rumpel christophrumpel
0
250
The final Laravel Service Container talk (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
780
NomadPHP - The Laravel Core - Demystify The Beast
Avatar for Christoph Rumpel christophrumpel
0
160
Laravel Factories Reloaded (Laracon Online)
Avatar for Christoph Rumpel christophrumpel
1
310
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
Avatar for Christoph Rumpel christophrumpel
0
250
The Laravel Core - Demystify The Beast (New York)
Avatar for Christoph Rumpel christophrumpel
0
220

Other Decks in Technology

See All in Technology
マイクロサービスへの5年間 ぶっちゃけ何をしてどうなったか
Avatar for Tomohiro Hashidate joker1007
22
8.3k
AIエージェントを5分で一気におさらい! AIエージェント「構築」元年に備えよう
Avatar for やくも yakumo
1
110
アプリにAIを正しく組み込むための アーキテクチャ── 国産LLMの現実と実践
Avatar for Yasushi Taki kohju
0
240
20251203_AIxIoTビジネス共創ラボ_第4回勉強会_BP山崎.pdf
Avatar for AIxIoTビジネス共創ラボ iotcomjpadmin
0
140
フィッシュボウルのやり方 / How to do a fishbowl
Avatar for Pauli pauli
2
400
Strands AgentsとNova 2 SonicでS2Sを実践してみた
Avatar for Yuuki Yamashita yama3133
1
2k
小さく、早く、可能性を多産する。生成AIプロジェクト / prAIrie-dog
Avatar for Visional Engineering & Design visional_engineering_and_design
0
110
AI時代のワークフロー設計〜Durable Functions / Step Functions / Strands Agents を添えて〜
Avatar for やくも yakumo
3
2.3k
Strands Agents × インタリーブ思考 で変わるAIエージェント設計 / Strands Agents x Interleaved Thinking AI Agents
Avatar for Takanori Suzuki takanorig
5
2.2k
投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)
Avatar for tomo gamella
0
470
M&Aで拡大し続けるGENDAのデータ活用を促すためのDatabricks権限管理 / AEON TECH HUB #22
Avatar for GENDA genda
0
280
Agent Skillsがハーネスの垣根を超える日
Avatar for Gota gotalab555
6
4.5k

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3.3k
From π to Pie charts
Avatar for Rasagy Sharma rasagy
0
92
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
Avatar for Aleyda Solis aleyda
1
1.7k
The Illustrated Children's Guide to Kubernetes
Avatar for Chris Short chrisshort
51
51k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
13k
Prompt Engineering for Job Search
Avatar for Mfonobong Umondia mfonobong
0
130
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
666
130k
Sam Torres - BigQuery for SEOs
Avatar for Tech SEO Connect techseoconnect
PRO
0
150
Exploring the relationship between traditional SERPs and Gen AI search
Avatar for Ray Grieselhuber raygrieselhuber
PRO
2
3.5k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k

Transcript

  1. Hello webclerks :)

  2. Content Security Policy 101

  3. Content Security Policy 101 Can Christoph do 40 slides in

    5 minutes?

  4. ABOUT ME

  5. CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel

    christoph-rumpel.com

  6. SECURITY IS HARD

  7. SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing

    Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks

  8. Adobe Playstation Network Cloudflare FAMOUS LEAKS

  9. How can we protect our sites when even big companies

    can't?

  10. Step by step

  11. CONTENT SECURITY POLICY

  12. CSP lets you define trusted resources.

  13. Content-Security-Policy: policies

  14. Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE

  15. img-src *; script-src 'self'; DIRECTIVES

  16. img-src *; script-src 'self'; LOCATIONS

  17. img-src *; script-src 'self'; TRANSLATED Images are allowed to be

    loaded from any resource

  18. img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be

    loaded from the current site's origin only

  19. img-src script-src DIRECTIVES

  20. img-src script-src style-src font-src media-src form-action ...

  21. * 'self' LOCATIONS

  22. * 'self' domain.example.com *.example.com 'none' ...

  23. CSP christoph-rumpel.com

  24. BROWSER SUPPORT

  25. BROWSER SUPPORT

  26. INTEGRATIONS

  27. SERVER CONFIGURATION Apache

  28. SERVER CONFIGURATION Nginx

  29. LARAVEL MIDDLEWARE

  30. WP Content Security Policy Plugin - Screenshot Policies PLUGINS

  31. MUCH MORE

  32. HASHES AND NONCES

  33. REPORTING

  34. Content Security Policy 101 Laravel Response Caching And CSP CSP,

    Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES

  35. THANKS

  36. QUESTIONS?

  37. THANKS AGAIN