Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
100
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
49
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
110
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
510
Debugging with PhpStorm & XDebug
christophrumpel
0
200
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
730
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
120
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
260
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
230
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
170
Other Decks in Technology
See All in Technology
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
1
340
RemoveだらけのPHPUnit 12に備えよう
cocoeyes02
0
270
AWSアカウントのセキュリティ自動化、どこまで進める? 最適な設計と実践ポイント
yuobayashi
7
540
いまからでも遅くない!コンテナでWebアプリを動かしてみよう!コンテナハンズオン編
nomu
0
150
Amazon Q Developerの無料利用枠を使い倒してHello worldを表示させよう!
nrinetcom
PRO
2
110
Aurora PostgreSQLがCloudWatch Logsに 出力するログの課金を削減してみる #jawsdays2025
non97
1
190
Snowflakeの開発・運用コストをApache Icebergで効率化しよう!~機能と活用例のご紹介~
sagara
1
430
遷移の高速化 ヤフートップの試行錯誤
narirou
6
1.1k
実は強い 非ViTな画像認識モデル
tattaka
2
1.2k
脳波を用いた嗜好マッチングシステム
hokkey621
0
280
LINE NEWSにおけるバックエンド開発
lycorptech_jp
PRO
0
230
アジャイルな開発チームでテスト戦略の話は誰がする? / Who Talks About Test Strategy?
ak1210
1
540
Featured
See All Featured
Gamification - CAS2011
davidbonilla
80
5.2k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.1k
It's Worth the Effort
3n
184
28k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.4k
Bootstrapping a Software Product
garrettdimon
PRO
306
110k
Imperfection Machines: The Place of Print at Facebook
scottboms
267
13k
Typedesign – Prime Four
hannesfritz
40
2.5k
Exploring the Power of Turbo Streams & Action Cable | RailsConf2023
kevinliebholz
30
4.6k
Learning to Love Humans: Emotional Interface Design
aarron
273
40k
Raft: Consensus for Rubyists
vanstee
137
6.8k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN