Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
100
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
41
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
87
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
490
Debugging with PhpStorm & XDebug
christophrumpel
0
190
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
720
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
120
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
250
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
220
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
160
Other Decks in Technology
See All in Technology
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
RubyのWebアプリケーションを50倍速くする方法 / How to Make a Ruby Web Application 50 Times Faster
hogelog
3
940
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
社内で最大の技術的負債のリファクタリングに取り組んだお話し
kidooonn
1
550
[FOSS4G 2024 Japan LT] LLMを使ってGISデータ解析を自動化したい!
nssv
1
210
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
Making your applications cross-environment - OSCG 2024 NA
salaboy
0
180
Security-JAWS【第35回】勉強会クラウドにおけるマルウェアやコンテンツ改ざんへの対策
4su_para
0
170
Engineer Career Talk
lycorp_recruit_jp
0
140
透過型SMTPプロキシによる送信メールの可観測性向上: Update Edition / Improved observability of outgoing emails with transparent smtp proxy: Update edition
linyows
2
210
iOS/Androidで同じUI体験をネ イティブで作成する際に気をつ けたい落とし穴
fumiyasac0921
1
110
Can We Measure Developer Productivity?
ewolff
1
150
Featured
See All Featured
Building a Scalable Design System with Sketch
lauravandoore
459
33k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
5 minutes of I Can Smell Your CMS
philhawksworth
202
19k
Typedesign – Prime Four
hannesfritz
40
2.4k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Faster Mobile Websites
deanohume
305
30k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
The Pragmatic Product Professional
lauravandoore
31
6.3k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
8
860
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
Become a Pro
speakerdeck
PRO
25
5k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.2k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN
christophrumpel
hirosatogamo
hogelog
tubone24
kidooonn
nssv
kitsuya0828
salaboy
4su_para
lycorp_recruit_jp
linyows
fumiyasac0921
ewolff
lauravandoore
reverentgeek
philhawksworth
hannesfritz
soudai
deanohume
marcelosomers
hatefulcrawdad
speakerdeck
paulrobertlloyd
