Defeating Cross-site Scripting with Content Security Policy 2
Content Security Policy (CSP) is a W3C standard that limits what a browser may do, which helps prevent many common attacks, including Cross-site Scripting. This course will teach you all relevant CSP features and which browsers they work in.
What you'll learn
Cross-site scripting (XSS) is one of the major threats against web applications, with successful attacks every day. In this course, Defeating Cross-site Scripting with Content Security Policy, you'll learn how to put an end to this and other threats against your applications. First, you'll learn about the W3C standard Content Security Policy (CSP), which versions exist, and what features they bring. Next, you'll develop an understanding of how CSP restricts what content the browser is allowed to load and execute. Finally, you'll explore exactly how to use this approach to secure your sites. When you're finished with this course, you'll be ready to apply CSP to your web applications and protect them from XSS and other attacks.
Table of contents
- Introduction 1m
- Content Security Policy in HTML 3m
- ClickJacking (and Countermeasures) 5m
- Embedding Frames, Launching Workers 2m
- Enforcing HTTPS 7m
- Further New Directives 3m
- URI Values 2m
- Enabling Inline Code with Nonces 4m
- Enabling Inline Code with Hashes 5m
- Enabling Inline Code in Legacy Browsers 2m
- Content Security Policy Level 2 Browser Support 2m
- Summary 2m