Defeating Cross-site Scripting with Content Security Policy

Content Security Policy (CSP) is a W3C standard that limits what a browser may do, which helps prevent many common attacks, including Cross-site Scripting. This course will teach you all relevant CSP features and which browsers they work in.
Course info
Rating
(24)
Level
Intermediate
Updated
May 11, 2017
Duration
2h 21m
Table of contents
Course Overview
Getting Started
Implementing CSP for Everyone: Version 1
Leveraging Advanced Content Security Policy Features: Version 2
Getting Applications Ready for Content Security Policy
Looking Forward: Upcoming Features in CSP 3
Description
Course info
Rating
(24)
Level
Intermediate
Updated
May 11, 2017
Duration
2h 21m
Description

Cross-site scripting (XSS) is one of the major threats against web applications, with successful attacks every day. In this course, Defeating Cross-site Scripting with Content Security Policy, you'll learn how to put an end to this and other threats against your applications. First, you'll learn about the W3C standard Content Security Policy (CSP), which versions exist and features they bring. Next, you'll develop an understanding of how CSP restricts what content the browser is allowed to load and execute. Finally, you'll explore exactly how to use this approach to secure your sites. When you're finished with this course, you'll be ready to apply CSP to your web applications, and protect them from XSS and other attacks.

About the author
About the author

Christian Wenz is an author, consultant and trainer focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification.

More from the author
PHP: Getting Started
Beginner
3h 23m
Sep 24, 2019
Building a Site with Angular and PHP
Intermediate
3h 51m
Dec 20, 2017
More courses by Christian Wenz