Content Security Policies: Let's Break Stuff

Matt Brunt (04.Nov.2017 at 12:40, 50 min)
Talk at ScotlandPHP 2017 (English - UK)

Rating: 5 of 5

Content Security Policies are another tool we should have in our security toolbelt to help protect users of our sites. In this session I’ll cover what they are, why they’re needed, how they work and the limitations on what they can & cannot do to protect users.

I’ll demo attacks a CSP will block, break things, show what the different CSP directives & options will do and introduce some of the tools available to help with implementing a CSP on your sites!


Comments

Rating: 5 of 5

04.Nov.2017 at 13:20 by Richard Harrison (13 comments) via Web2 LIVE

Great talk and really rather funny

Rating: 5 of 5

04.Nov.2017 at 13:21 by Ken Guest (35 comments) via Web2 LIVE

Fantastic talk, learnt loads. Brunty denies it but he clearly knows his stuff!

Rating: 5 of 5

04.Nov.2017 at 13:33 by David McKay (10 comments) via Web2 LIVE

Thanks Matt! That was great. Learnt a lot and delivered with a nice touch of humour and humility. Thanks for sharing your production hazards

Rating: 5 of 5

04.Nov.2017 at 15:40 by Peter mcdonald (41 comments) via Web2 LIVE

Had looked at CSP in the past but never implemented it. Maybe thought it was more of an issue to implement than it actually is. Off to revisit.

Great speaker and clearly loves the subject matter.

Rating: 5 of 5

04.Nov.2017 at 16:33 by Harro Verton (13 comments) via Web2 LIVE

Great talk, Matt knows how to capture an audience. Even with boring stuff like security. ;-)


04.Nov.2017 at 17:35 by Ken Guest (35 comments) via Web2 LIVE

Great talk, very well given and brunty clearly knows his stuff. Learnt a lot.

Rating: 5 of 5

05.Nov.2017 at 08:46 by Steven Wilson (3 comments) via Web2 LIVE

Great talk, thanks Matt..

Rating: 5 of 5

05.Nov.2017 at 09:53 by James Baster (5 comments) via Web2 LIVE

Well structured demo - every time I had a question it was answered in the next section! Good work.

Rating: 5 of 5

05.Nov.2017 at 14:12 by Scott Pringle (10 comments) via Web2 LIVE

Great talk, very well delivered. Huge thanks to Matt for passing on his knowledge in such a delightful manner!

Rating: 5 of 5

06.Nov.2017 at 09:18 by Jason Collins (5 comments) via Web2 LIVE

Matt did a great job breaking down Content Security Policies, I can't wait to use https://report-uri.com/ after hearing his talk. Very helpful, honest and funny at the same time.

Very impressed he's included demo content along with his slides!

Rating: 5 of 5

06.Nov.2017 at 10:01 by David Towers (3 comments) via Web2 LIVE

Something I could immediately put into practice. Thanks

Rating: 5 of 5

06.Nov.2017 at 10:07 by Thomas Roche (4 comments) via Web2 LIVE

Fantastic talk and presentation of something that I would have never given a second thought. I would attend again just for the banter. :D

Rating: 5 of 5

06.Nov.2017 at 10:36 by Lukas Giegerich (9 comments) via Web2 LIVE

Funny, engaging and interesting. Everything a great talk should be.

Rating: 5 of 5

06.Nov.2017 at 14:12 by Craig A Rodway (7 comments) via Web2 LIVE

Fantastic talk with a perfect balance of information, examples and humour. Very easy to digest and hopefully put into practice. Easily my favourite talk of the day. Thanks very much!

Rating: 5 of 5

07.Nov.2017 at 09:42 by Alistair Burns (5 comments) via Web2 LIVE

Really enjoyed this talk. I'd forgotten about CSP after we had a bad experience a year or so ago when someone just "turned it on" after getting the results of a security review and it broke everything!
Seeing how simple it is to turn it on in a "reporting only mode" has given me the confidence to set it up properly on any new sites I work on.
I was interested in a Symfony bundle and came across https://github.com/nelmio/NelmioSecurityBundle which has CSP and more, I may give it a try!

Rating: 5 of 5

07.Nov.2017 at 13:37 by Ciaran McNulty (128 comments) via Web2 LIVE

Really great to have such real-world experience being shared

Rating: 5 of 5

07.Nov.2017 at 14:15 by Craig McCreath (7 comments) via Web2 LIVE

Matt provided great humor and brought life to content security policies. By going through his demos the way he did, it showed how we'd often break it before we get it right!

Really useful information with great resources to help us integrate such policies in our projects.

Rating: 5 of 5

08.Nov.2017 at 00:55 by Aaron Henderson (12 comments) via Web2 LIVE

Matt gives a good, confident and entertaining talk. He always brings forth anxieties for those not familiar with content security policies. Insightful to say the least :)

Rating: 5 of 5

08.Nov.2017 at 08:35 by Chris Shennan (4 comments) via Web2 LIVE

This was my best talk of the day. I had heard the term Content Security Policy floating around but hadn't really looked into what it was. This talk was a great crash course, straight to the point and very informative, and a talk where the speaker owns up to their own mistakes always goes down well.

Rating: 5 of 5

08.Nov.2017 at 14:52 by Andy Gaskell (24 comments) via Web2 LIVE

Really nice practical talk from Matt, delivered with humor and candor. I went away and wrote a Joomla plug-in for CSP the next day.
