Content Security Policy Evolution: From Whitelists to Strict-Dynamic - AppSec EU 2017

OWASP Foundation via YouTube

Recap: What is 'strict-dynamic'?

4 of 21

Classroom Contents

  1. Intro
  2. Summary
  3. Recap: How do CSP Nonces Work?
  4. Recap: What is 'strict-dynamic'?
  5. CSP Support in Core Frameworks
  6. One Policy to Rule Them All!
  7. Closure Templates with auto-noncing
  8. SHIP IT !!1
  9. New 'report-sample' keyword
  10. Report Noise
  11. CSP Mitigator
  12. CSP Evaluator
  13. CSP Frontend
  14. Detailed CSP Violation Reports View
  15. Measuring Coverage
  16. Injection of
  17. Steal and Reuse Nonces
  18. Mitigating Bypasses
  19. JS Framework/Library CSP Bypasses
  20. jQuery 2.x Script Evaluation Logic
  21. Wrapping Up
