Implementing a Content-Security-Policy

Note: this is an archived site. The current site can be found at http://drupalcampla.com.
Day: Sunday
Time: 11:00a
Room: Moss Cove B

47% of all web applications have a cross-site scripting vulnerability, and this potential security flaw ranks in the top three classes of all vulnerabilities.[1]

A Content Security Policy is a systematic way to block these attacks by whitelisting allowed sources of script, style, and other resources. The holy grail – blocking "unsafe-inline" code – offers the strongest defense, but can be a big surprise for front-end developers when inline scripts and styles stop working!

[1] Source: WhiteHat Security, 2015 Website Security Statistics Report

Session Takeaways:
Developers will learn when and why to add a Content Security Policy to a web project, and how to successfully implement it. You'll also learn how to troubleshoot existing policies, and refactor JavaScript to remove unsafe inline code.

Category: Code and Development
Skill: Advanced
Duration: One hour