Using Content Security Policy (CSP) for detecting client side attacks.

Published: 08 March 2023
on channel: Hasgeek TV

To ask questions to the speaker, leave comments at https://has.gy/I4Xc

As the server side of the web gets more secure due to secure coding and defensive technologies, attackers are shifting their focus to the low-hanging fruit. This is increasingly turning out to be the client side. Injecting a few lines of JavaScript into an application's client side can give an attacker access to all of the data and functionality from the backend. The attack can also go undetected. Clear evidence of this is the theft of several hundreds of millions of credit card details using this approach, consistently over the last several years.
In this talk, Lavakumar Kuppan explains how such attacks work, and how you can detect them using a built-in feature of browsers: Content Security Policy (CSP). CSP implementation often becomes a complex and effort-intensive exercise. Using the lessons learned from implementing CSP for several organisations, Lavakumar shares a simple approach to having an imperfect but practical and useful CSP in place.
Lavakumar Kuppan is founder at domdog.io

Chapters:
00:00 Introduction to this episode.
01:59 Client-side security is the path of least resistance.
07:17 What is Content Security Policy (CSP)?
10:31 Step-by-step overview of how to get an effective CSP policy.
16:17 How long does it take to create a CSP policy?
23:54 You don’t have to worry about breaking your site by trying to put your site in blocking mode.
27:05 Is CSP part of any existing security frameworks, or is it driven by any compliance or regulatory requirements?
31:40 Monitoring mode policy vs blocking mode policy.

