Content Security Policy (CSP) is a W3C standard that limits what a browser may do, which helps prevent many common attacks, including Cross-site Scripting. This course will teach you all relevant CSP features and which browsers they work in.
Cross-site scripting (XSS) is one of the major threats against web applications, with successful attacks every day. In this course, Defeating Cross-site Scripting with Content Security Policy, you'll learn how to put an end to this and other threats against your applications. First, you'll learn about the W3C standard Content Security Policy (CSP), which versions exist and features they bring. Next, you'll develop an understanding of how CSP restricts what content the browser is allowed to load and execute. Finally, you'll explore exactly how to use this approach to secure your sites. When you're finished with this course, you'll be ready to apply CSP to your web applications, and protect them from XSS and other attacks.
Christian Wenz is an author, consultant and trainer focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification.
Hi everyone, my name is Christian Wenz and welcome to my course Defeating Cross-site Scripting with Content Security Policy. I am an independent developer and architect, and support many companies in everything web, including web performance, and web application security.
Almost twenty years ago, I first encountered Cross-site Scripting. Back then I thought it was a good thing (for me), because it helped me circumvent a security restriction in an application I had to work with. Now of course I know better. Yet Cross-site scripting seems hard to beat, the attack is as widespread as ever. Until now!
Some of the major topics that we will cover include:
Setting up a Content Security Policy, learning about the available options
Which versions of Content Security Policy exist, and what features they offer
Understanding Content Security Policy browser support, and how to maintain backwards compatibility with older versions
Testing and maintaining a policy
By the end of this course, you’ll know how to get the most out of Content Security Policy, and how to implement this standard for your web applications. No prior knowledge is required, but it would be helpful if you have worked with any server technology such as ASP.NET or PHP.
I hope you’ll join me on this journey with the Defeating Cross-site Scripting with Content Security Policy course, at Pluralsight