Explore the intricacies of Content Security Policy (CSP) in this 47-minute conference talk from the OWASP Foundation. Delve into script content control, secure network connection enforcement, and framing control techniques. Learn how to implement TLS via CSP, understand the differences between X-Frame-Options and CSP frame ancestors, and discover best practices for framing control. Gain valuable insights from a developer study and take away key messages to enhance web application security. Participate in a survey to reinforce your understanding of CSP implementation strategies.
Restricting the Scripts, You're to Blame, You Give CSP a Bad Name
Overview
Syllabus
Intro
Content Security Policy
Script Content Control - Example
Enforce Secure Network Connections
How to enforce TLS via CSP
Take Aways-TLS Enforcement
Framing Control - X-Frame-Options
Framing Control - Partial support
Framing Control - Double Framing
Framing Control - CSP frame ancestors
Best practice for framing control
Framing Control -XFO vs. CSP
Framing Control - Developer Study
Take Away Messages
Survey Time!
Taught by
OWASP Foundation
