Overview
Explore a real-world case study of implementing Content Security Policy (CSP) in a production environment. Learn about the challenges and solutions encountered while integrating CSP into SendSafely.com, a customer-facing web application heavily reliant on JavaScript and HTML5. Discover the nuances of CSP implementation across major browsers, techniques for converting inline JavaScript to comply with strict CSP, and strategies for handling third-party scripts. Gain insights into dealing with HTML5 API edge cases and the surprising results of runtime CSP violation reporting. Benefit from the speakers' experience to make informed decisions about implementing CSP in your own web applications, whether starting from scratch or retrofitting existing projects.
Syllabus
Pushing CSP to PROD - Brian Holyfield, Erik Larsson
Taught by
OWASP Foundation