SecAppDev 2023 lecture details

From zero to hero with Content Security Policy

In this session, we identify do's and don'ts when building CSP policies for modern applications. We explore how to enable CSP with third-party content and offer a nuanced opinion on building secure CSP policies.

Tuesday June 13th, 16:00 - 17:30
Room West Wing
Abstract

The main value of CSP is that it acts as a second line of defense against XSS: a solid policy can stop an existing XSS vulnerability from being exploited, even though it does not remove the underlying bug. But how do you write a solid CSP policy? And what about compatibility with single page applications?

In this session, we embark on a journey through the different versions of CSP, identifying the relevant parts along the way. With that knowledge, we arrive at the current best practices for building secure CSP policies. We also identify potential conflicts with modern application paradigms and illustrate how to deploy CSP in these cases.

Key takeaway

Modern best practices for building secure CSP policies, along with guidelines for deploying CSP in single page applications

Content level

Advanced

Target audience

Anyone building or securing browser-based applications (web, mobile, Electron)

Prerequisites

A solid understanding of HTML and JavaScript.

Join us for SecAppDev. You will not regret it!

Philippe De Ryck

Security Expert, Pragmatic Web Security

Expertise: Web security, API security, OAuth 2.0, OpenID Connect
