Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

CSP Oddities

Hack In The Box Security Conference via YouTube

Overview

Explore the intricacies of Content Security Policy (CSP) in this comprehensive conference talk from the Hack In The Box Security Conference. Delve into the challenges of CSP deployment, common pitfalls, and browser compatibility issues. Discover juicy bypasses exploiting JSONP endpoints and outdated AngularJS versions on CDNs. Learn about a revolutionary approach to CSP implementation using nonces and a new CSP3 feature. Gain insights into effective CSP policy deployment, understand potential vulnerabilities, and explore how CSP adapts to modern web technologies. Presented by Michele Spagnuolo and Lukas Weichselbaum, experienced information security engineers from Google, this talk covers topics such as CSP basics, breaking CSP, whitelist models, CSP tools, nonce propagation, and browser support. Whether you're a defender or an attacker, acquire valuable knowledge to enhance your understanding of web application security.

Syllabus

Introduction
Google Zurich
Summary
What is CSP
Content Security Policy
Breaking CSP
Examples
Default source
Whitelist
JSONP
Angular
Paths
CSP Tool
CSP Nonces
Nonce
Nonce Propagation
Unsafe Dynamic
Demo
CSP Oddities
Browser Support
Success Stories

Taught by

Hack In The Box Security Conference

Reviews

Start your review of CSP Oddities

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.