Explore the challenges and solutions of implementing Content Security Policy (CSP) in this 36-minute conference talk from LASCON 2016. Discover how to overcome common objections from engineering teams, such as the ineffectiveness of CSP with numerous inline scripts, lack of report analysis, and maintenance difficulties in fast-paced environments. Learn a phased approach to introducing a meaningful CSP, beginning with a permissive report-only policy. Gain insights into developing a CSP strategy that balances security needs with engineering team productivity and application functionality.
Mind the CSP Gap: Challenges Developing a Meaningful Content-Security-Policy
Overview
Syllabus
2016 - Mind the CSP Gap: Challenges developing a meaningful Content-Security-Policy - Garett Held
Taught by
LASCON
Related Courses
-
Defeating Cross-site Scripting with Content Security Policy 2
-
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
-
Pushing Content Security Policy to Production - Case Study of Real-World Implementation
-
Making CSP Great Again - Enhancing Content Security Policy
-
Content Security Policy (CSP) - Understanding and Implementing Web Protection
-
Fixing XSS with Content Security Policy
