YoVDO

CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy

Offered By: Association for Computing Machinery (ACM) via YouTube

Tags

ACM CCS (Computer and Communications Security) Courses Web Security Courses Normalization Courses Content Security Policy Courses

Course Description

Overview

Explore the evolution and challenges of Content Security Policy (CSP) in this 21-minute conference talk presented at CCS 2016. Delve into the research conducted by Google security experts Lukas Weichselbaum, Michele Spagnuolo, Sebastian Lekies, and Artur Janc as they examine the effectiveness of whitelists and the future of CSP. Learn about the current state of CSP implementation, bypass probabilities, and the implications of whitelisted domains. Gain insights into postprocessing techniques, normalization, and various CSP use cases. Discover the importance of tool support in enhancing CSP effectiveness and understand the broader implications for web security. This talk, delivered at the 23rd ACM Conference on Computer and Communications Security in Vienna, Austria, offers valuable perspectives for web developers, security professionals, and anyone interested in the evolving landscape of web application security.

Syllabus

Introduction
Who are we
What are we doing
Research questions
Postprocessing
Why
Normalization
CSP Use Cases
CSP Policies
Summary
State of CSP
Bypass Probability
Whitelisted Domains
Tool Support


Taught by

ACM CCS

Related Courses

Internet History, Technology, and Security
University of Michigan via Coursera
Client-Server Communication
Google via Udacity
HTTP & Web Servers
Udacity
Network Security
Georgia Institute of Technology via Udacity
Web Security Fundamentals
KU Leuven University via edX