Content Security Policies - Let's Break Stuff

GOTO Conferences via YouTube

Overview

Explore the world of Content Security Policies (CSPs) in this informative conference talk from GOTO Copenhagen 2018. Delve into the importance of CSPs as a crucial security tool, understanding their functionality, implementation, and limitations in protecting website users. Witness demonstrations of attacks thwarted by CSPs, observe a site intentionally broken by a CSP, and learn about various CSP directives and options. Gain insights into available tools for working with CSPs and discover how to effectively integrate them into your security strategy. Perfect for developers and security professionals looking to enhance their web application security knowledge.

Syllabus

Intro
Background
Cross-site scripting
Cross-site scripting
Persistent cross-site scripting
Reflective cross-site scripting
Self cross-site scripting
Social engineering
Facebook console
Fight back against hackers
What is a content security policy
Browser support
Resources
Image
Object Source
Style Source
Inline Source
Don't Use It
Nonce
Constant Security
Breaking Production
Breaking the Site
Report URI
Payload
Report URI
Report-Only
Over Time
Fun Part
Business buzzwords
Requirements
Gibson
Garbage Files
Update Files
Script
Pop Emoji
Poop Emoji
Corporate Phone Call
Code Base
No poop emojis
No proof emojis
Inline script
Homepage
Gate
Home Page
Garbage File
Content Security Policy
Tips
Cryptographic Nonces
Twig
Multiple Policies
Enforce Report Policies
Test Multiple Policies
Scott Helm
Mr Goodwin
Homework

Taught by

GOTO Conferences
