
A Successful Mess Between Hardening and Mitigation

Hack In The Box Security Conference via YouTube

Overview

This Hack In The Box Security Conference talk examines Content Security Policy (CSP) and what it can and cannot do against cross-site scripting (XSS). It compares the main CSP flavors (host-allowlist, nonce-based, and nonce plus 'strict-dynamic') against the different classes of XSS they are meant to stop, and addresses common myths about their effectiveness. The central theme is the blurred line between hardening and mitigation: CSP is a defense-in-depth control that limits what an injected script can do, not a replacement for fixing the injection, yet a strict policy also pushes developers toward safer coding patterns such as eliminating inline event handlers and eval. The talk presents real-world data on XSS exploitation attempts that CSP blocked in sensitive applications on modern browsers, and walks through nonce-based CSP, host-based CSP, 'strict-dynamic', Trusted Types, measuring CSP coverage, violation reporting, and detection of bypass attempts. It also covers the practical side of deploying and assessing a policy, with examples, tricks, and tools such as the CSP Evaluator.

Syllabus

Intro
Web Platform Bugs
Google CSP
Host-based CSP
Level 1 CSP
Advanced CSP
Refactoring
Strict Dynamic
Trusted Types
CSP Coverage
Guru Section
CSP
Nonce Only
Example
CSS
CSP Reporting
CSP Detection
Strict Dynamic
Conclusion
CSP evaluator
Questions
Browser Cache
SRI (Subresource Integrity)

Taught by

Hack In The Box Security Conference
