Explore the intricacies of Content Security Policy (CSP) implementation in this 15-minute lightning talk from AppSec EU 2017. Delve into common pitfalls and gotchas associated with CSP, covering topics such as whitelist issues, Same-Origin Policy, and unsafe inline practices. Learn effective strategies to overcome these challenges and gain insights on building a perfect framework for robust web application security. Presented by Ilya Nesterov and managed by the official OWASP Media Project, this concise yet informative session provides valuable knowledge for web developers and security professionals looking to enhance their understanding of CSP best practices.
Overview
Syllabus
Introduction
Whitelist Issues
SameOrigin Policy
Unsafe Inline
What to do
Build Perfect Framework
Summary
Taught by
OWASP Foundation
Related Courses
-
CSP Oddities
-
CSP - The Good, the Bad and the Ugly
-
No More XSS - Deploying CSP with Nonces and Strict-Dynamic
-
Content Security Policy Evolution: From Whitelists to Strict-Dynamic - AppSec EU 2017
-
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
-
Restricting the Scripts, You're to Blame, You Give CSP a Bad Name
