Overview
This course teaches web application developers how to mitigate cross-site scripting (XSS) with Content Security Policy (CSP). Learning outcomes include understanding the differences between CSP 1.0 and CSP Level 2 (CSP 2.0), how CSP protects web applications from XSS, and how to deploy CSP on a website. Topics covered include DOM-based XSS, script sources, wildcards, the default-src fallback, connect-src, monitoring, report-only policy, inline JavaScript, CSP nonces, and hash sources. The material is a 30-minute talk by a Senior Security Consultant, aimed at web application developers who want to harden their applications.
Syllabus
Intro
About Ksenia
DOM-based XSS
Script source
Wildcards
Default source (default-src)
CSS
Connect Source
Monitoring
Report Only Policy
Inline JavaScript
CSP Nonce
Hash Source
Taught by
LASCON