Content Security Policy 101

As more and more services go digital, security has become a significant aspect of every application. It is especially challenging to guarantee safety when third-party code is involved, and XSS and code injection remain big problems in general. Content Security Policy provides another layer of security that helps to detect and protect against different attacks. In this talk, I will introduce the concept and its main features and show implementation examples for Laravel.

Christoph Rumpel

July 25, 2018

Transcript

  1. 7.

    SSL, Input Handling, Updates, Packages, CSRF, Rate Limits, Weak Typing, Error Handling, Storing Credentials, Server Access, SQL Prepared Statements, Passwords, Brute Force Attacks
  2. 12.

    “Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.” (MDN WEB DOCS)
  3. 21.

    img-src *; script-src 'self';

    TRANSLATED: Scripts are allowed to be loaded from the current site's origin only
  6. 44.

    ADVANTAGES
    - Make it harder for attackers
    - Find mixed content
    - Learn about your resources
    - Take control
  7. 45.

    TAKE WITH YOU
    - Use CSP
    - Don't allow inline stuff
    - Start in report-only mode
    - Learn about dependencies
  9. 48.

    RESOURCES
    - Content Security Policy 101
    - Laravel Response Caching And CSP
    - CSP, Hash-Algorithm, and Turbolinks
    - Quick CSP Reference Guide
    - MDN web docs
    - CSP Level 2 W3C Recommendation
    - CSP Level 3 Working Draft
    - Feature Policy Draft
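The following Python script is an added example, not code from the talk or from its Laravel samples. It ties together slide 21 (what `img-src *; script-src 'self';` permits) and slide 45 (start in report-only mode, don't allow inline scripts): it serializes a policy into either the enforcing or the report-only header, parses a policy string back, and evaluates whether a given resource URL would be allowed for a directive, with the CSP fallback to `default-src`. The `POLICY` dict, the example hostnames and the `FETCH_DIRECTIVES` subset are constructed for this example; the matcher deliberately covers only `*`, `'none'`, `'self'` and host sources (including `*.` wildcards), not paths, ports in host sources, nonces or hashes.

```python
from urllib.parse import urlparse

# Constructed sample policy (added example, not from the talk). It mirrors the
# directive on slide 21 and adds a default-src fallback: images may load from
# anywhere, scripts and everything else only from the page's own origin.
POLICY = {
    "default-src": ["'self'"],
    "img-src": ["*"],
    "script-src": ["'self'"],
}

# Fetch directives that fall back to default-src when not set explicitly
# (a subset of the directives defined in CSP Level 2/3, chosen for this example).
FETCH_DIRECTIVES = {"script-src", "img-src", "style-src", "connect-src", "font-src"}

DEFAULT_PORTS = {"http": 80, "https": 443}


def serialize_policy(policy, report_only=False):
    """Build the response header (name, value) for a policy.

    In report-only mode the browser reports violations but still loads the
    resource, which is how a policy is trialled before it is enforced.
    """
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    value = "; ".join(f"{directive} {' '.join(sources)}" for directive, sources in policy.items())
    return name, value


def parse_policy(header_value):
    """Parse a serialized policy such as "img-src *; script-src 'self';" into a dict."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _origin(url):
    """(scheme, host, port) with the default port filled in, for 'self' comparisons."""
    parsed = urlparse(url)
    scheme = parsed.scheme.lower()
    port = parsed.port if parsed.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, (parsed.hostname or "").lower(), port


def _source_matches(source, resource_url, page_url):
    """Simplified source-expression matching: *, 'none', 'self' and host sources.

    Paths, ports in host sources, nonces and hashes are left out on purpose;
    any other keyword source (e.g. 'unsafe-inline') simply never matches a URL.
    """
    if source == "*":
        return True
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(resource_url) == _origin(page_url)
    # Host source, e.g. https://cdn.example.com or *.example.com
    scheme, _, host = source.partition("://") if "://" in source else ("", "", source)
    resource = urlparse(resource_url)
    if scheme and resource.scheme.lower() != scheme.lower():
        return False
    resource_host = (resource.hostname or "").lower()
    host = host.lower().rstrip("/")
    if host.startswith("*."):
        # *.example.com matches cdn.example.com but not example.com itself
        return resource_host.endswith(host[1:])
    return resource_host == host


def is_allowed(policy, directive, resource_url, page_url):
    """Would the browser load resource_url under this directive on a page at page_url?"""
    sources = policy.get(directive)
    if sources is None and directive in FETCH_DIRECTIVES:
        sources = policy.get("default-src")
    if sources is None:
        return True  # no applicable directive, so CSP imposes no restriction
    return any(_source_matches(s, resource_url, page_url) for s in sources)


def allows_inline_scripts(policy):
    """Inline <script> blocks and on* handlers run only if 'unsafe-inline' is listed."""
    sources = policy.get("script-src", policy.get("default-src", []))
    return "'unsafe-inline'" in sources


if __name__ == "__main__":
    header, value = serialize_policy(POLICY, report_only=True)
    print(f"{header}: {value}")
    parsed = parse_policy(value)
    page = "https://example.com/"
    print(is_allowed(parsed, "script-src", "https://example.com/app.js", page))   # True
    print(is_allowed(parsed, "script-src", "https://cdn.example.net/x.js", page))  # False
    print(is_allowed(parsed, "img-src", "https://cdn.example.net/a.png", page))    # True
```

Two design points worth noticing: the `default-src` fallback means a policy that only sets `img-src` and `script-src` (as on slide 21) still lets stylesheets load from anywhere, which is why the sample `POLICY` adds `default-src 'self'`; and `allows_inline_scripts` returns `False` for that policy, matching the "don't allow inline stuff" advice, since nothing in it lists `'unsafe-inline'`.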