
Content Security Policies: Let's Break Stuff

Matt Brunt | GOTO Amsterdam 2019


Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session you'll learn what they are, why they're needed, how they work and the limitations on what they can & cannot do to protect users.

You'll see a demo of attacks a CSP will block, you'll see a site broken by a CSP, see what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!

**What will the audience learn from this talk?**
You'll see a demo of attacks a CSP will block, you'll see a site broken by a CSP, see what the different CSP directives & options will do and be introduced to some of the tools available to help with implementing a CSP on your sites!

**Does it feature code examples and/or live coding?**
It does feature live coding in the latter half of the talk.

**Prerequisite attendee experience level:**
[Level 100](https://gotoams.nl/2019/pages/experience-level)



About the speakers

Matt Brunt


Dungeon master, code tinkerer & cybersecurity pro