Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy

Association for Computing Machinery (ACM) via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the evolution and challenges of Content Security Policy (CSP) in this 21-minute conference talk presented at CCS 2016. Delve into the research conducted by Google security experts Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, and Artur Janc as they examine the effectiveness of whitelists and the future of CSP. Learn about the current state of CSP implementation, bypass probabilities, and the implications of whitelisted domains. Gain insights into postprocessing techniques, normalization, and various CSP use cases. Discover the importance of tool support in enhancing CSP effectiveness and understand the broader implications for web security. This talk, delivered at the 23rd ACM Conference on Computer and Communications Security in Vienna, Austria, offers valuable perspectives for web developers, security professionals, and anyone interested in the evolving landscape of web application security.

Syllabus

Introduction
Who are we
What are we doing
Research questions
Postprocessing
Why
Normalization
CSP Use Cases
CSP Policies
Summary
State of CSP
Bypass Probability
Whitelisted Domains
Tool Support

Taught by

ACM CCS

Reviews

Start your review of CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.