Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session I’ll cover what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.

I’ll demo attacks a CSP will block, break things, show what the different CSP directives & options will do and introduce some of the tools available to help with implementing a CSP on your sites!
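The following is an added example, not part of the talk or its demo content. It models the two things the abstract points at: a policy is a list of directives, each with a source list (with `default-src` as the fallback for fetch directives and the first occurrence of a repeated directive winning, as browsers do), and the `Content-Security-Policy-Report-Only` header lets a site collect violation reports at a `report-uri` endpoint (a service such as the report-uri.com one mentioned in the comments, or a constructed path as here) before anything is enforced. The weakness checks encode common hardening advice; the sample policies are constructed.

```python
"""Parse, assess and emit Content-Security-Policy headers (added example)."""
from typing import Dict, List, Optional

# CSP fetch directives: when absent they fall back to default-src.
FETCH_DIRECTIVES = {
    "script-src", "style-src", "img-src", "font-src", "connect-src",
    "media-src", "object-src", "frame-src", "child-src", "worker-src",
    "manifest-src", "prefetch-src",
}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a policy string into {directive: [source expressions]}.

    Browsers ignore a directive that is repeated within one policy, so the
    first occurrence wins here as well.
    """
    policy: Dict[str, List[str]] = {}
    for raw in header.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:
            continue
        policy[name] = tokens[1:]
    return policy


def serialize_csp(policy: Dict[str, List[str]]) -> str:
    """Turn the dict form back into a header value."""
    return "; ".join(" ".join([name, *sources]) for name, sources in policy.items())


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Sources that apply to a directive, honouring the default-src fallback.

    Returns None when nothing restricts the directive at all.
    """
    if directive in policy:
        return policy[directive]
    if directive in FETCH_DIRECTIVES and "default-src" in policy:
        return policy["default-src"]
    return None


def find_weaknesses(policy: Dict[str, List[str]]) -> List[str]:
    """Flag settings that leave script injection or plugin embedding open."""
    findings: List[str] = []
    script = effective_sources(policy, "script-src")
    if script is None:
        findings.append("script-src/default-src missing: scripts may load from any origin")
    else:
        # With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline'
        # (it is kept only for older browsers), so flag it only when neither is set.
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script
        )
        if "'unsafe-inline'" in script and not has_nonce_or_hash:
            findings.append("script-src allows 'unsafe-inline': injected inline scripts run")
        if "'unsafe-eval'" in script:
            findings.append("script-src allows 'unsafe-eval': string-to-code execution is permitted")
        if "*" in script or "data:" in script:
            findings.append("script-src allows * or data:, which admits arbitrary script sources")
    if effective_sources(policy, "object-src") != ["'none'"]:
        findings.append("object-src is not 'none': plugin content can be embedded")
    return findings


def build_headers(policy: Dict[str, List[str]], report_only: bool = False,
                  report_uri: Optional[str] = None) -> Dict[str, str]:
    """Return the header to send.

    In report-only mode the browser POSTs a JSON violation report to
    report_uri but blocks nothing, which is how a policy is trialled before
    the enforcing header is switched on.
    """
    directives = dict(policy)
    if report_uri:
        directives["report-uri"] = [report_uri]
    name = "Content-Security-Policy-Report-Only" if report_only else "Content-Security-Policy"
    return {name: serialize_csp(directives)}


if __name__ == "__main__":
    # Constructed sample: a policy that looks restrictive but still permits inline script.
    loose = parse_csp("default-src 'self'; script-src 'self' 'unsafe-inline'")
    for finding in find_weaknesses(loose):
        print("weak:", finding)
    hardened = parse_csp("default-src 'self'; script-src 'self' 'nonce-abc123'; object-src 'none'")
    print(build_headers(hardened, report_only=True, report_uri="/csp-report"))
```

Run the block directly to see the loose policy's findings and the report-only header built from the hardened one; swapping `report_only=False` yields the enforcing `Content-Security-Policy` header with the same value.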

Comments


Great talk and really rather funny

Ken Guest at 13:21 on 4 Nov 2017

Fantastic talk, learnt loads. Brunty denies it but he clearly knows his stuff!

David McKay at 13:33 on 4 Nov 2017

Thanks Matt! That was great. Learnt a lot and delivered with a nice touch of humour and humility. Thanks for sharing your production hazards ?

Peter McDonald at 15:40 on 4 Nov 2017

Had looked at csp in the past but never implemented it. Maybe thought it was more of an issue to implement than it actually is. Off to revisit

Great speaker and clearly loves the subject matter.

Harro Verton at 16:33 on 4 Nov 2017

Great talk, Matt knows how to capture an audience. Even with boring stuff like security. ;-)

Ken Guest at 17:35 on 4 Nov 2017

Great talk, very well given and brunty clearly knows his stuff. Learnt a lot.

Steven Wilson at 08:46 on 5 Nov 2017

Great talk, thanks Matt.

James Baster at 09:53 on 5 Nov 2017

Well structured demo - every time I had a question it was answered in the next section! Good work.

Scott Pringle at 14:12 on 5 Nov 2017

Great talk, very well delivered. Huge thanks to Matt for passing on his knowledge in such a delightful manner!

Jason Collins at 09:18 on 6 Nov 2017

Matt did a great job breaking down Content Security Policies, I can't wait to use https://report-uri.com/ after hearing his talk. Very helpful, honest and funny at the same time.

Very impressed he's included demo content along with his slides!

David Towers at 10:01 on 6 Nov 2017

Something I could immediately put into practice. Thanks

Thomas Roche at 10:07 on 6 Nov 2017

Fantastic talk and presentation of something that I would have never given a second thought. I would attend again just for the banter. :D

Funny, engaging and interesting. Everything a great talk should be.

Craig A Rodway at 14:12 on 6 Nov 2017

Fantastic talk with a perfect balance of information, examples and humour. Very easy to digest and hopefully put into practice. Easily my favourite talk of the day. Thanks very much!

Alistair Burns at 09:42 on 7 Nov 2017

Really enjoyed this talk. I'd forgotten about CSP after we had a bad experience a year or so ago when someone just "turned it on" after getting the results of a security review and it broke everything!
Seeing how simple it is to turn it on in a "reporting only mode" has given me the confidence to set it up properly on any new sites I work on.
I was interested in a Symfony bundle and came across https://github.com/nelmio/NelmioSecurityBundle which has CSP and more, I may give it a try!

Ciaran McNulty at 13:37 on 7 Nov 2017

Really great to have such real-world experience being shared

Craig McCreath at 14:15 on 7 Nov 2017

Matt provided great humor and brought life to content security policies. By going through his demos the way he did, it showed how we'd often break it before we get it right!

Really useful information with great resources to help us integrate such policies in our projects.

Matt gives a good, confident and entertaining talk. He always brings forth anxieties for those not familiar with content security policies. Insightful to say the least :)

Chris Shennan at 08:35 on 8 Nov 2017

This was my best talk of the day. I had heard the term Content Security Policy floating around but hadn't really looked into what it was. This talk was a great crash course, straight to the point and very informative, and a talk where the speaker owns up to their own mistakes always goes down well.

Andy Gaskell at 14:52 on 8 Nov 2017

Really nice practical talk from Matt, delivered with humor and candor. I went away and wrote a Joomla plug-in for CSP the next day.