Overview
Syllabus
Intro
Quick Intro
Cross-Site Scripting (XSS)
Content Security Policy (CSP)
CSP Adoption over time
Script Content Control over time
Developer Survey
Research Questions
Methodology
Drawing Task
Motivations
Roadblock: Complexity
Roadblock: Information Sources
Roadblock: Legacy Code
Roadblocks: Different Teams
Inline Code / 3rd-Parties
3rd-Parties - maintenance effort
Roadblock: Browsers
Problem Solving: Inline Code
Problem Solving Strategies
Problem Solving: Inline Events
Problem Solving: Third Parties
How to start with CSP?
How to harden my CSP?
Conclusion
Taught by
OWASP Foundation