Mind the CSP Gap: Challenges Developing a Meaningful Content-Security-Policy

Explore the challenges and solutions of implementing Content Security Policy (CSP) in this 36-minute conference talk from LASCON 2016. Discover how to overcome common objections from engineering teams, such as the ineffectiveness of CSP with numerous inline scripts, lack of report analysis, and maintenance difficulties in fast-paced environments. Learn a phased approach to introducing a meaningful CSP, beginning with a permissive report-only policy. Gain insights into developing a CSP strategy that balances security needs with engineering team productivity and application functionality.

2016 - Mind the CSP Gap: Challenges developing a meaningful Content-Security-Policy - Garett Held