Fixing XSS with Content Security Policy
Offered By: LASCON via YouTube
Course Description
Overview
Explore the intricacies of Content Security Policy (CSP) as a defense against cross-site scripting (XSS) in this 30-minute LASCON conference talk. Delve into the differences between CSP 1.0 and 2.0, understanding their implications for web application developers. Learn how CSP protects against XSS attacks and whether traditional defenses like input validation and output encoding are still necessary. Discover practical steps to implement CSP on your website, including the use of wildcards, default policies, and monitoring techniques. Examine the challenges of inline JavaScript and how CSP addresses them through nonce and hash source mechanisms. Gain valuable insights from Senior Security Consultant Ksenia Dmitrieva on effectively leveraging CSP to enhance your web application's security posture.
Syllabus
Intro
About Ksenia
Dombased XSS
Script source
Wildcards
Default
CSS
Connect Source
Monitoring
Report Only Policy
Inline JavaScript
CSP
Nonce
Hash Source
Taught by
LASCON
Related Courses
Comparing WAF and RASP - Why?LASCON via YouTube API Security - Is it the New Application Attack Surface and How to Secure at Enterprise Scale
LASCON via YouTube Privacy Impact Assessments - How Much Privacy Is Enough?
LASCON via YouTube Your Frontier Defense - Understanding Web Application Firewalls
LASCON via YouTube Doing This One Crazy Thing Will Change Your AppSec Program Forever
LASCON via YouTube