Showing: 60 courses
Magento 2 Quick Tips
0
reviews
Comprehensive troubleshooting guide for Magento 2, covering security, performance, maintenance, and common issues. Includes practical tips and solutions for developers and site administrators.
19
Lessons
2 hours 30 minutes
On-Demand
Free-Video
Bugcrowd
How the Crowd Outperforms Traditional Security Testing
0
reviews
Explore how crowdsourced security testing outperforms traditional methods, with insights on implementation, benefits, and real-world examples from successful bug bounty programs.
17
Lessons
32 minutes
On-Demand
Free-Video
LASCON
Mind the CSP Gap: Challenges Developing a Meaningful Content-Security-Policy
0
reviews
Strategies for implementing Content Security Policy (CSP) effectively, addressing challenges and phasing in a meaningful policy without disrupting engineering teams.
1
Lessons
36 minutes
On-Demand
Free-Video
OWASP Foundation
Securing Single Page Applications - Design Considerations and Pitfalls
0
reviews
Explore security pitfalls in Single Page Applications and learn mitigation strategies. Covers stateless design, JSON handling, caching, local storage, and resource sharing, with practical demos and key takeaways.
13
Lessons
30 minutes
On-Demand
Free-Video
OWASP Foundation
Lessons in Securing Internal Apps - AppSecCali 2019
0
reviews
Lessons and strategies for securing internal applications, including authentication, TLS, Content Security Policy, and leveraging WAFs. Insights on scalable approaches and using internal apps to train security engineers.
1
Lessons
44 minutes
On-Demand
Free-Video
OWASP Foundation
Bypassing XSS Mitigations Via Script Gadgets - AppSec EU 2017
0
reviews
Explore a novel web hacking technique bypassing XSS mitigations using script gadgets. Learn how attackers can exploit legitimate JavaScript to execute malicious code, evading common security measures.
15
Lessons
47 minutes
On-Demand
Free-Video
OWASP Foundation
Content Security Policy Evolution: From Whitelists to Strict-Dynamic - AppSec EU 2017
0
reviews
Explore Content Security Policy evolution, including the 'strict-dynamic' approach, real-world implementation challenges, and strategies to address recent bypasses of nonce-based policies.
21
Lessons
35 minutes
On-Demand
Free-Video
OWASP Foundation
Rhyming with Hacks - The Ballad of Supply Chain Attacks
0
reviews
Explore supply chain attacks, their anatomy, and prevention strategies. Learn about real-life examples, existing solutions, and a new DOM monitoring approach with live demonstration.
1
Lessons
31 minutes
On-Demand
Free-Video
OWASP Foundation
Bypassing Browser Policies and Privacy Extensions for Cookies
0
reviews
Explore bypasses to browser policies and extensions for cookie security. Learn about an automated framework for evaluating countermeasures against cross-site attacks and third-party tracking.
1
Lessons
34 minutes
On-Demand
Free-Video
OWASP Foundation
Modern XSS Defense Strategies - Frameworks, CSP, and Sanitization
0
reviews
Explore modern XSS defense strategies, including JavaScript frameworks, CSP deployment, HTML sanitization, and design considerations for building secure web applications against evolving threats.
1
Lessons
41 minutes
On-Demand
Free-Video
OWASP Foundation
CSP - The Good, the Bad and the Ugly
0
reviews
Explore Content Security Policy's strengths and weaknesses in web application security, presented by Shape Security's engineering manager Ilya Nesterov at APPSEC CA 2017.
1
Lessons
37 minutes
On-Demand
Free-Video
OWASP Foundation
Content Security Policy Reporting and Aggregation with Caspr - OWASP AppSec California 2015
0
reviews
Explore Content-Security-Policy (CSP) violation reporting with Caspr, a tool for collecting and analyzing reports. Learn about CSP background, Caspr usage, and related tools for enhancing web application security.
1
Lessons
51 minutes
On-Demand
Free-Video
OWASP Foundation
Making CSP Great Again - Enhancing Content Security Policy
0
reviews
Explore advanced Content Security Policy techniques to enhance web application security and mitigate XSS vulnerabilities effectively.
1
Lessons
44 minutes
On-Demand
Free-Video
OWASP Foundation
Making Content Security Policy Work For You
0
reviews
Learn about Content Security Policy (CSP), its importance in web application defense, and practical tips for implementation from Mozilla's application security expert.
1
Lessons
41 minutes
On-Demand
Free-Video
OWASP Foundation
Content Security Policy (CSP) - Understanding and Implementing Web Protection
0
reviews
Learn about Content Security Policy (CSP), a powerful browser security feature that mitigates cross-site scripting attacks. Discover its benefits, implementation strategies, and future impact on web security.
1
Lessons
32 minutes
On-Demand
Free-Video
OWASP Foundation
Pushing Content Security Policy to Production - Case Study of Real-World Implementation
0
reviews
Practical insights on implementing Content Security Policy in a live web application, covering challenges, browser nuances, third-party integrations, and real-world violation reports.
1
Lessons
51 minutes
On-Demand
Free-Video
OWASP Foundation
Fixing XSS with Content Security Policy
0
reviews
Learn how Content Security Policy (CSP) can prevent XSS attacks, understand its versions, browser support, and implementation strategies for web applications. Gain insights on balancing CSP with traditional security measures.
1
Lessons
58 minutes
On-Demand
Free-Video
OWASP Foundation
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
0
reviews
Explore challenges in implementing Content Security Policy (CSP) for web security, including complexity, legacy code, and browser support. Learn strategies to overcome obstacles and enhance CSP deployment.
25
Lessons
39 minutes
On-Demand
Free-Video
LASCON
Defense-in-Depth Engineering Techniques for Secure Software Design
0
reviews
Explore techniques for building resilient software, identifying overlooked vulnerabilities, and designing for incident preparedness. Learn to architect secure systems and improve incident response capabilities.
1
Lessons
55 minutes
On-Demand
Free-Video
OWASP Foundation
Scaling Content Security Policy: Enterprise Compliance and Third-Party Resource Management
0
reviews
Learn to implement Content Security Policy and monitor web resources at scale, addressing supply chain attacks and PCI requirements for enhanced frontend security in enterprise applications.
1
Lessons
43 minutes
On-Demand
Free-Video
Black Hat
Back to the Roots - Finding the Origin of CSP Security Bugs
0
reviews
Explore the root causes of Content Security Policy bugs in web browsers, their lifecycle, and insights for both attackers and defenders using automated analysis tools.
1
Lessons
26 minutes
On-Demand
Free-Video
NDC Conferences
The Final Frontier - Security APIs in Modern Browsers
0
reviews
Explore modern browser security APIs and mechanisms that protect against common web attacks, enhance authentication, and restrict browser behavior, with code demonstrations and future insights.
1
Lessons
59 minutes
On-Demand
Free-Video
OWASP Foundation
Modern Web Application Defense with OWASP Tools
0
reviews
Learn to defend web applications using OWASP tools. Explore XSS, CSRF, and other vulnerabilities through live demos. Gain practical skills to prevent attacks and secure your applications effectively.
17
Lessons
40 minutes
On-Demand
Free-Video
OWASP Foundation
HTML5 Security Features - Advantages Over Traditional Web Technologies
0
reviews
Exploring HTML5's security features and comparing them to traditional techniques. Demonstrates how HTML5 APIs offer improved security for cross-domain communication, client-side persistence, and protection against common web vulnerabilities.
1
Lessons
47 minutes
On-Demand
Free-Video
Web Conferences Amsterdam
Headers for Hackers - Understanding and Optimizing HTTP Headers
0
reviews
Explore HTTP headers' impact on web performance, security, and functionality. Learn practical techniques to optimize your site using powerful header configurations.
25
Lessons
46 minutes
On-Demand
Free-Video
USENIX
Cookie Infrastructure at Meta - Managing Consent and Compliance
0
reviews
Explore Meta's cookie management system, featuring a central schema, enforced API, and Content-Security-Policy headers for robust control and compliance with user preferences.
1
Lessons
16 minutes
On-Demand
Free-Video
Bill Buchanan OBE
Web Security and Encryption: From Browser Telemetry to Enterprise TLS - Guest Lecture
0
reviews
Explore web security with expert Scott Helme, covering encryption, privacy, DNS, and content security policy. Gain insights on browser telemetry and enterprise TLS.
15
Lessons
59 minutes
On-Demand
Free-Video
Security BSides San Francisco
HTTP Security Headers - A Technology History Through Scar Tissue
0
reviews
Explore HTTP security headers, their evolution, and best practices. Learn to leverage browser-built security controls, with a focus on implementing effective content-security-policy for enhanced web application protection.
1
Lessons
31 minutes
On-Demand
Free-Video
OWASP Foundation
CSP Pitfalls and Gotchas
0
reviews
Explore common pitfalls and gotchas in Content Security Policy implementation, focusing on whitelist issues, SameOrigin policy, and unsafe inline practices. Learn strategies for building a robust security framework.
7
Lessons
15 minutes
On-Demand
Free-Video
OWASP Foundation
Restricting the Scripts, You're to Blame, You Give CSP a Bad Name
0
reviews
Explore Content Security Policy's role in web security, covering script restrictions, TLS enforcement, and framing control. Learn best practices and developer insights for effective CSP implementation.
15
Lessons
47 minutes
On-Demand
Free-Video
Association for Computing Machinery (ACM)
CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy
0
reviews
Explore the evolution and challenges of Content Security Policy, analyzing its effectiveness, vulnerabilities, and future directions in web security.
14
Lessons
21 minutes
On-Demand
Free-Video
Association for Computing Machinery (ACM)
Evaluating the Effectiveness of Content Security Policy in the Wild
0
reviews
Evaluation of the effectiveness of Content Security Policy in practice, analyzing its adoption, configuration, and weaknesses against XSS attacks.
15
Lessons
21 minutes
On-Demand
Free-Video
Association for Computing Machinery (ACM)
CSPAutoGen - Black-box Enforcement of Content Security Policy upon Real-world Websites
0
reviews
Explore black-box enforcement of Content Security Policy on websites, covering deployment, training, rewriting, and evaluation of CSPAutoGen for enhanced web security.
15
Lessons
26 minutes
On-Demand
Free-Video
Black Hat
Breaking XSS Mitigations Via Script Gadgets
0
reviews
Explore a novel web hacking technique that bypasses XSS mitigations using script gadgets. Learn about HTML sanitizers, CSP, and practical demonstrations of this powerful attack method.
16
Lessons
48 minutes
On-Demand
Free-Video
Hack In The Box Security Conference
CSP Oddities
0
reviews
Explore Content Security Policy intricacies, common pitfalls, and innovative solutions. Learn to deploy effective CSP policies and discover potential vulnerabilities in web application security.
21
Lessons
1 hour 4 minutes
On-Demand
Free-Video
Hack In The Box Security Conference
A Successful Mess Between Hardening and Mitigation
0
reviews
In-depth analysis of Content Security Policy for XSS prevention, exploring its effectiveness, debunking myths, and sharing real-world data on successful XSS mitigation in sensitive applications.
23
Lessons
1 hour 1 minute
On-Demand
Free-Video
Security BSides San Francisco
XSS Mitigation - The State of the Art
0
reviews
Comprehensive overview of XSS attacks and modern defense strategies, covering browser-based, server-side, and framework-specific mitigations for web developers and security professionals.
19
Lessons
49 minutes
On-Demand
Free-Video
Security BSides San Francisco
No More XSS - Deploying CSP with Nonces and Strict-Dynamic
0
reviews
Learn to implement Content Security Policy with nonces and strict-dynamic to prevent XSS attacks. Discover practical deployment strategies for Pinterest and Instapaper, and understand potential vulnerabilities.
26
Lessons
29 minutes
On-Demand
Free-Video
Black Hat
Bypassing Browser Security Policies for Fun and Profit
0
reviews
Explore mobile browser vulnerabilities and security policy bypasses, including Same Origin Policy and Content Security Policy. Learn testing methodologies and see real-world examples of Android browser exploits.
19
Lessons
27 minutes
On-Demand
Free-Video
Black Hat
Your Scripts In My Page - What Could Possibly Go Wrong?
0
reviews
Explore the security risks of cross-domain script inclusion, including potential data leaks and account compromises. Learn detection methods and defensive measures to protect against these vulnerabilities.
21
Lessons
29 minutes
On-Demand
Free-Video
Next Gen Web Pen Testing - Handling Modern Applications in a Penetration Test
0
reviews
Explore modern web application security with insights on WebSockets, REST APIs, and Content Security Policy. Learn practical penetration testing techniques for next-gen web technologies.
16
Lessons
52 minutes
On-Demand
Free-Video
Black Hat
Abusing Bleeding Edge Web Standards for Appsec Glory
0
reviews
Explore risks and mitigation strategies for modern web security standards like SRI, CSP, and HPKP. Learn about implementation challenges, trade-offs, and potential exploits in legacy applications.
1
Lessons
43 minutes
On-Demand
Free-Video
PHP UK Conference
Content Security Policy to the Rescue
0
reviews
Learn to implement Content Security Policy to mitigate XSS vulnerabilities, prevent clickjacking, and enhance web application security through live demos and real-world examples.
1
Lessons
40 minutes
On-Demand
Free-Video
GOTO Conferences
Content Security Policies - Let's Break Stuff
0
reviews
Explore Content Security Policies: their importance, implementation, and impact on web security. Learn to protect against attacks, debug issues, and balance security with functionality.
55
Lessons
39 minutes
On-Demand
Free-Video
Security BSides London
CSP Analysis - Attacking XSS Mitigation
0
reviews
Explore Content Security Policy, its attack types, and effectiveness in mitigating XSS vulnerabilities in web applications.
1
Lessons
18 minutes
On-Demand
Free-Video
Black Hat
Game of Chromes - Owning the Web with Zombie Chrome Extensions
0
reviews
Explore how malicious Chrome extensions can create botnets, distribute themselves, and exploit vulnerabilities. Learn about attack patterns, extension capabilities, and security measures.
14
Lessons
46 minutes
On-Demand
Free-Video
GOTO Conferences
HTTP Headers for the Responsible Developer
0
reviews
Explore HTTP headers for building inclusive, secure, and performant websites. Learn about encryption, request upgrades, content security policies, and data optimization techniques.
19
Lessons
40 minutes
On-Demand
Free-Video
GOTO Conferences
Crypto Heist - The Aftermath of a Government Website Cryptojacking Attack
0
reviews
Uncover a massive cryptojacking attack on government websites, explore its investigation, and learn preventive measures against similar threats in this eye-opening cybersecurity presentation.
16
Lessons
49 minutes
On-Demand
Free-Video
ng-conf
Eliminating XSS in Angular Applications by Adopting Trusted Types
0
reviews
Learn to enhance Angular app security using Trusted Types. Discover implementation strategies, vulnerability fixes, and deployment techniques to strengthen your application against XSS attacks and data breaches.
10
Lessons
16 minutes
On-Demand
Free-Video
JSConf
Writing an Insecure Webapp
0
reviews
Explore common web app vulnerabilities and learn effective security practices to protect against threats like cross-site scripting and ensure robust application safety.
11
Lessons
18 minutes
On-Demand
Free-Video
JSConf
Towards a Post-XSS World
0
reviews
Explore Content Security Policy as a powerful tool to combat cross-site scripting attacks, enhancing web application security and regaining control over your code execution environment.
1
Lessons
24 minutes
On-Demand
Free-Video
JSConf
We're Struggling to Keep Up
0
reviews
Explore browser security challenges in modern web apps, covering current models, recent features, and potential enhancements, with insights on bypassing security mechanisms.
11
Lessons
24 minutes
On-Demand
Free-Video
JSConf
HTTP Headers - The Simplest Security
0
reviews
Explore essential HTTP security headers like Content-Security-Policy and Strict-Transport-Security. Learn implementation, browser support, and best practices for protecting web applications.
21
Lessons
26 minutes
On-Demand
Free-Video
JSConf
You Use Content Security Policy, Don't You?
0
reviews
Learn how Content Security Policy can protect your website from XSS and other attacks. Discover its workings, implementation, and real-world examples through live coding demonstrations.
8
Lessons
22 minutes
On-Demand
Free-Video
NDC Conferences
Modern Security Standards
0
reviews
Explore modern web security standards and features to enhance protection and simplify implementation. Learn about Content Security Policy, STS, PKP, and more for robust online security.
18
Lessons
1 hour 4 minutes
On-Demand
Free-Video
NDC Conferences
What We’ve Learned From Billions of Security Reports
0
reviews
Explore insights from billions of security reports, scaling challenges, and real-world cybersecurity incidents in this talk on large-scale security reporting infrastructure.
21
Lessons
56 minutes
On-Demand
Free-Video
NDC Conferences
Crash, Burn, Report
0
reviews
Discover how to leverage browsers as powerful monitoring tools using the Reporting API. Learn to detect and receive alerts for various web application issues automatically.
19
Lessons
59 minutes
On-Demand
Free-Video
Devoxx
Excellent Ways to Secure Your Spring Boot Application
0
reviews
Learn essential techniques to secure Spring Boot applications, including HTTPS, dependency scanning, CSRF protection, CSP implementation, OIDC authentication, and password hashing.
11
Lessons
49 minutes
On-Demand
Free-Video
NDC Conferences
Hyper Speed! When Big Data Blooms
0
reviews
Explore high-speed data processing using Bloom Filters, a powerful probabilistic data structure. Learn to handle massive data volumes efficiently, with real-world examples and advanced techniques.
21
Lessons
48 minutes
On-Demand
Free-Video
NDC Conferences
Hyper Speed - When Big Data Blooms
0
reviews
Explore high-speed data processing techniques, focusing on Bloom Filters for efficient handling of massive data volumes in web security and content delivery applications.
25
Lessons
1 hour
On-Demand
Free-Video