No More XSS - Deploying CSP with Nonces and Strict-Dynamic


Security BSides San Francisco via YouTube


Classroom Contents


  1. Introduction
  2. Agenda
  3. Cross-site scripting
  4. Templates and autoescape
  5. No cross-site scripting
  6. Content Security Policy
  7. Domain whitelist
  8. Object source and base URI
  9. HTML injection
  10. Inline scripts
  11. CSP nonces
  12. What can go wrong
  13. Hashes
  14. Whitelisting
  15. Strict-dynamic
  16. JavaScript templates
  17. Deploying CSP
  18. Easier to deploy
  19. Code changes
  20. Nonces
  21. Change templates
  22. Report-only mode
  23. CSP policy
  24. Resources
  25. Questions
  26. Report URL
