Explore a real-world case study of implementing Content Security Policy (CSP) in a production environment. Learn about the challenges and solutions encountered while integrating CSP into SendSafely.com, a customer-facing web application heavily reliant on JavaScript and HTML5. Discover the nuances of CSP implementation across major browsers, techniques for converting inline JavaScript to comply with strict CSP, and strategies for handling third-party scripts. Gain insights into dealing with HTML5 API edge cases and the surprising results of runtime CSP violation reporting. Benefit from the speakers' experience to make informed decisions about implementing CSP in your own web applications, whether starting from scratch or retrofitting existing projects.
Pushing Content Security Policy to Production - Case Study of Real-World Implementation
Overview
Syllabus
Pushing CSP to PROD - Brian Holyfield, Erik Larsson
Taught by
OWASP Foundation
Related Courses
-
Defeating Cross-site Scripting with Content Security Policy 2
-
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
-
Mind the CSP Gap: Challenges Developing a Meaningful Content-Security-Policy
-
Content Security Policy (CSP) - Understanding and Implementing Web Protection
-
Scaling Content Security Policy: Enterprise Compliance and Third-Party Resource Management
