CSP Pitfalls and Gotchas

Explore the intricacies of Content Security Policy (CSP) implementation in this 15-minute lightning talk from AppSec EU 2017. Delve into common pitfalls and gotchas associated with CSP, covering topics such as whitelist issues, Same-Origin Policy, and unsafe inline practices. Learn effective strategies to overcome these challenges and gain insights on building a perfect framework for robust web application security. Presented by Ilya Nesterov and managed by the official OWASP Media Project, this concise yet informative session provides valuable knowledge for web developers and security professionals looking to enhance their understanding of CSP best practices.

Introduction
Whitelist Issues
SameOrigin Policy
Unsafe Inline
What to do
Build Perfect Framework
Summary