Content Security Policy: The application security Swiss Army Knife

CSP is an incredibly simple yet amazingly powerful security feature that is now widely supported by browsers. Scott looks at some of the headline features of CSP with demonstrations of attack prevention and some of its lesser known uses too.

Slides

More details

Did you know that besides mitigating XSS attacks, CSP can also stop click-jacking attacks, neutralise mixed-content, kill ad-injectors and even help you migrate from HTTP to HTTPS?

Additional links:

More reading on CSP: https://scotthelme.co.uk/tag/csp/
Free CSP reporting: https://report-uri.io
Check your HTTP response headers like CSP: https://securityheaders.io