Talk in English - UK at ScotlandPHP 2017
View Slides: https://www.slideshare.net/secret/qAdxvYyyUKxyza
Checkout the code: https://github.com/brunty/csp-demo
Short URL: https://joind.in/talk/bac20
(QR-Code (opens in new window))
Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session I’ll cover what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.
I’ll demo attacks a CSP will block, break things, show what the different CSP directives & options will do and introduce some of the tools available to help with implementing a CSP on your sites!
Comments
Comments are closed.
Great talk and really rather funny
Fantastic talk, learnt loads. Brunty denies it but he clearly knows his stuff!
Thanks Matt! That was great. Learnt a lot and delivered with a nice touch of humour and humility. Thanks for sharing your production hazards ?
Hadllomed at csp in the past but never implemented it. Maybe thought it was more of an issue to implement than it actually is. Off to revisit
Great speaker and clearly loves the subject matter.
Great talk, Matt knows how to capture an audience. Even with boring stuff like security. ;-)
Great talk, very well given and brunty clearly knows his stuff. Learnt a lot.
Great talk, thanks Matt..
Well structured demo - every time I had a question it was answered in the next section! Good work.
Great talk, very well delivered. Huge thanks to Matt for passing on his knowledge in such a delightful manner!
Matt did a great job breaking down Content Security Policies, I can't wait to use https://report-uri.com/ after hearing his talk. Very helpful, honest and funny at the same time.
Very impressed he's included demo content along with his slides!
Something I could immediately put into practice. Thanks
Fantastic talk and presentation of something that I would have never given a second thought. I would attend again just for the banter. :D
Funny, engaging and interesting. Everything a great talk should be.
Fantastic talk with a perfect balance of information, examples and humour. Very easy to digest and hopefully put in to practise. Easily my favourite talk of the day. Thanks very much!
Really enjoyed this talk. I'd forgotten about CSP after we had a bad experience a year or so ago when someone just "turned it on" after getting the results of a security review and it broke everything!
Seeing how simple it is to turn it on in a "reporting only mode" has given me the confidence to st it up properly on any new sites I work on.
I was interested in a Symfony bundle and came across https://github.com/nelmio/NelmioSecurityBundle which has CSP and more, I may give it a try!
Really great to have such real-world experience being shared
Matt provided great humor and brought life to content security policies. By going through his demos the way he did, it showed how we'd often break it before we get it right!
Really useful information with great resources to help us integrate such policies in our projects.
Matt gives a good, confident and entertaining talk. He always brings forth anxieties for those not familiar with content security policies. Insightful to say the least :)
This was my best talk of the day. I had heard the term Content Security Policy floating around but hadn't really looked into what it was. This talk was a great crash course, straight to the point and very informative, and a talk where the speaker owns up to their own mistakes always goes down well.
Really nice practical talk from Matt, delivered with humor and candor. I went away and wrote a Joomla plug-in for CSP the next day.