Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Content Security Policy 101 - Lightning Talk
Search
Christoph Rumpel
April 24, 2018
Technology
1
100
Content Security Policy 101 - Lightning Talk
This is a 5min talk version of Content Security Policy 101 talk.
Christoph Rumpel
April 24, 2018
Tweet
Share
More Decks by Christoph Rumpel
See All by Christoph Rumpel
How To Manage 5000+ Tests Efficiently
christophrumpel
0
50
Christoph Dreams Of Simple Code (Laravel Vienna Meetup)
christophrumpel
0
110
Why Refactoring Is The Best Tool To Write Better Code
christophrumpel
0
510
Debugging with PhpStorm & XDebug
christophrumpel
0
200
The final Laravel Service Container talk (Laracon Online)
christophrumpel
1
730
NomadPHP - The Laravel Core - Demystify The Beast
christophrumpel
0
120
Laravel Factories Reloaded (Laracon Online)
christophrumpel
1
270
The Beauty of Laravel's Notification System (Laracon EU Amsterdam)
christophrumpel
0
230
The Laravel Core - Demystify The Beast (New York)
christophrumpel
0
170
Other Decks in Technology
See All in Technology
偏光画像処理ライブラリを作った話
elerac
1
180
IAMのマニアックな話2025
nrinetcom
PRO
6
1.3k
データエンジニアリング領域におけるDuckDBのユースケース
chanyou0311
9
2.3k
AIエージェント元年@日本生成AIユーザ会
shukob
1
240
1行のコードから社会課題の解決へ: EMの探究、事業・技術・組織を紡ぐ実践知 / EM Conf 2025
9ma3r
12
4.2k
EDRの検知の仕組みと検知回避について
chayakonanaika
12
5.1k
IAMポリシーのAllow/Denyについて、改めて理解する
smt7174
2
210
わたしがEMとして入社した「最初の100日」の過ごし方 / EMConfJp2025
daiksy
14
5.2k
ExaDB-XSで利用されているExadata Exascaleについて
oracle4engineer
PRO
3
270
入門 PEAK Threat Hunting @SECCON
odorusatoshi
0
170
AWSを活用したIoTにおけるセキュリティ対策のご紹介
kwskyk
0
410
Fraxinus00tw assembly manual
fukumay
0
130
Featured
See All Featured
It's Worth the Effort
3n
184
28k
The Straight Up "How To Draw Better" Workshop
denniskardys
232
140k
Site-Speed That Sticks
csswizardry
4
410
Producing Creativity
orderedlist
PRO
344
40k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
10
1.3k
Side Projects
sachag
452
42k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Facilitating Awesome Meetings
lara
52
6.2k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.7k
Testing 201, or: Great Expectations
jmmastey
42
7.2k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Transcript
Hello webclerks :)
Content Security Policy 101
Content Security Policy 101 Can Christoph do 40 slides in
5 minutes?
ABOUT ME
CHRISTOPH RUMPEL Web Developer PHP / Laravel Chatbots Talks @christophrumpel
christoph-rumpel.com
SECURITY IS HARD
SSL Input Handling Updates Packages Extension CSRF NONCES Weak Typing
Error Handling Storing Credentials Server Access SQL Prepared Statements Passwords Brute Force Attacks
Adobe Playstation Network Cloudflare FAMOUS LEAKS
How can we protect our sites when even big companies
can't?
Step by step
CONTENT SECURITY POLICY
CSP lets you define trusted resources.
Content-Security-Policy: policies
Content-Security-Policy: img-src *; script-src 'self'; Policies EXAMPLE
img-src *; script-src 'self'; DIRECTIVES
img-src *; script-src 'self'; LOCATIONS
img-src *; script-src 'self'; TRANSLATED Images are allowed to be
loaded from any resource
img-src *; script-src 'self'; TRANSLATED Scripts are allowed to be
loaded from the current site's origin only
img-src script-src DIRECTIVES
img-src script-src style-src font-src media-src form-action ...
* 'self' LOCATIONS
* 'self' domain.example.com *.example.com 'none' ...
CSP christoph-rumpel.com
BROWSER SUPPORT
BROWSER SUPPORT
INTEGRATIONS
SERVER CONFIGURATION Apache
SERVER CONFIGURATION Nginx
LARAVEL MIDDLEWARE
WP Content Security Policy Plugin - Screenshot Policies PLUGINS
MUCH MORE
HASHES AND NONCES
REPORTING
Content Security Policy 101 Laravel Response Caching And CSP CSP,
Hash-Algorithm, and Turbolinks Quick CSP Reference Guide MDN web docs CSP Level 2 W3C Recommendation CSP Level 3 Working Draft RESOURCES
THANKS
QUESTIONS?
THANKS AGAIN