Talk in English - UK at PHP South Coast 2017
Track Name: Jetbrains Track
View Slides: https://www.slideshare.net/Brunty/content-security-policies-lets-break-stuff-php-south-coast-2017
Check out the code: https://github.com/Brunty/csp-demo
Short URL: https://joind.in/talk/e45c8
Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session I’ll cover what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.
I’ll demo attacks a CSP will block, break things, show what the different CSP directives & options will do and introduce some of the tools available to help with implementing a CSP on your sites!
Comments
Awesome talk! Clear, entertaining and really useful. Thanks Matt
A difficult topic to cover all aspects of, and even more difficult to demo effectively - but you did a great job!
Also the "I Break Stuff" stickers!
Having attempted to implement a CSP myself and broken lots of stuff, this talk was invaluable.
I had completely missed that you can add report only headers! And also nonces will help me avoid using 'unsafe-inline'.
Matt took what was potentially a very dry subject and through his speaking style and pacing made a very interesting and at times fun talk. Probably my favourite talk of the conference.
A really interesting and useful talk. A good introduction to content security policies.
I've seen Matt speak before and he is a calm, confident and informative speaker. I like his style.
Great talk on this, I hadn't even heard about this topic before. The only thing I'd say is it would be good to give a very quick overview of how these are implemented at the start; having not heard of them before, it took me a while to realise they were sent in the HTTP headers, which made earlier parts of the talk harder to grasp.
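Two of the comments above touch on the practical points attendees took away: that a CSP is delivered as an HTTP response header, that a Report-Only header lets you find breakage before enforcing, and that per-request nonces remove the need for 'unsafe-inline'. The following is an added example written for this page; it is not code from the talk or from the csp-demo repository. It assumes a report endpoint at /csp-report (a placeholder path), a single PHP page that sends the header before any output, and PHP 7+ with random_bytes available.

```php
<?php
// Added example (not from the talk or the csp-demo repo): a nonce-based CSP
// rolled out in report-only mode, plus a minimal parser for the violation
// reports the browser sends back. The /csp-report path is an assumption.

declare(strict_types=1);

/**
 * Fresh, unguessable nonce for this response. It must change on every
 * request: a reused or predictable nonce lets injected inline script run.
 */
function generateCspNonce(): string
{
    return base64_encode(random_bytes(16));
}

/**
 * Build the policy string. Inline scripts run only if they carry the nonce,
 * so 'unsafe-inline' is not needed; nonce-less inline scripts are reported
 * (report-only) or blocked (enforcing).
 */
function buildCspHeaderValue(string $nonce, string $reportUri): string
{
    $directives = [
        "default-src 'self'",
        "script-src 'self' 'nonce-{$nonce}'",
        "style-src 'self'",
        "object-src 'none'",
        "base-uri 'self'",
        "report-uri {$reportUri}",
    ];
    return implode('; ', $directives);
}

/**
 * Send the policy. With $enforce = false the Report-Only header is used:
 * the browser reports what *would* be blocked but still loads it, which is
 * how you discover what a policy breaks before switching to enforcement.
 */
function sendCsp(string $nonce, string $reportUri, bool $enforce): void
{
    $headerName = $enforce
        ? 'Content-Security-Policy'
        : 'Content-Security-Policy-Report-Only';
    header($headerName . ': ' . buildCspHeaderValue($nonce, $reportUri));
}

/**
 * Receiver side for /csp-report: browsers POST a JSON body shaped like
 * {"csp-report": {"violated-directive": "...", "blocked-uri": "...", ...}}.
 * Returns the two fields most useful for triage, or null if the body is not
 * a CSP report. Log these centrally; they are your breakage (and attack) signal.
 */
function parseCspReport(string $jsonBody): ?array
{
    $decoded = json_decode($jsonBody, true);
    if (!is_array($decoded) || !isset($decoded['csp-report']) || !is_array($decoded['csp-report'])) {
        return null;
    }
    $report = $decoded['csp-report'];
    return [
        'violated-directive' => (string) ($report['violated-directive'] ?? ''),
        'blocked-uri'        => (string) ($report['blocked-uri'] ?? ''),
    ];
}

// Header must go out before any HTML is written.
$nonce = generateCspNonce();
sendCsp($nonce, '/csp-report', false); // start in report-only; flip to true once reports are clean
?>
<!doctype html>
<html>
<head><title>CSP nonce demo</title></head>
<body>
<!-- Allowed: carries this response's nonce -->
<script nonce="<?= htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8') ?>">
    console.log('allowed by nonce');
</script>
<!-- Reported now, blocked once the enforcing header is used: no nonce -->
<script>
    console.log('no nonce: would be blocked under enforcement');
</script>
</body>
</html>
```

Run it under any PHP-capable web server, open the page with the browser's developer console visible, and the second script produces a report-only violation (the console shows the violated directive and the report POSTed to /csp-report) while still executing. Once the reports stop showing legitimate resources, change the last argument of sendCsp() to true and the same inline script is blocked outright.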