Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Fixing XSS with Content Security Policy

LASCON via YouTube

Overview

Explore the intricacies of Content Security Policy (CSP) as a defense against cross-site scripting (XSS) in this 30-minute LASCON conference talk. Delve into the differences between CSP 1.0 and 2.0, understanding their implications for web application developers. Learn how CSP protects against XSS attacks and whether traditional defenses like input validation and output encoding are still necessary. Discover practical steps to implement CSP on your website, including the use of wildcards, default policies, and monitoring techniques. Examine the challenges of inline JavaScript and how CSP addresses them through nonce and hash source mechanisms. Gain valuable insights from Senior Security Consultant Ksenia Dmitrieva on effectively leveraging CSP to enhance your web application's security posture.

Syllabus

Intro
About Ksenia
Dombased XSS
Script source
Wildcards
Default
CSS
Connect Source
Monitoring
Report Only Policy
Inline JavaScript
CSP
Nonce
Hash Source

Taught by

LASCON

Reviews

Start your review of Fixing XSS with Content Security Policy

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.