Overview
Syllabus
Intro
Background
Cross-site scripting
Cross site scripting
Persistent cross-site scripting
Reflective cross-site scripting
Self cross-site scripting
Social engineering
Facebook console
Fight back against hackers
What is a content security policy
Browser support
Resources
Image
Object Source
Style Source
Inline Source
Don't Use It
Nonce
Constant Security
Breaking Production
Breaking the Site
Report URI
Payload
ReportURI
ReportOnly
Over Time
Fun Part
Business buzzwords
Requirements
Gibson
Garbage Files
Update Files
Script
Pop Emoji
Poop Emoji
Corporate Phone Call
Code Base
No poop emojis
No proof emojis
Inline script
Homepage
Gate
Home Page
Garbage File
Content Security Policy
Tips
Cryptographic Nonces
Twig
Multiple Policies
Enforce Report Policies
Test Multiple Policies
Scott Helm
Mr Goodwin
Homework
Taught by
GOTO Conferences