This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Scanning a web application for vulnerabilities and ensuring it is secure is an essential task in every web application development project. But there are other things you can leverage to improve the security posture of your web applications, such as Content Security Policy (CSP).
Watch our Security Researcher, Sven Morgenroth, deliver a presentation and demo about the CSP during episode #536 of Paul’s Security Weekly. During the podcast Sven does the following:
- Explains what CSP is
- Explains some CSP directives and how to use them
- Shows some of the most common mistakes one can make when configuring CSP,
- Explains how CSP helps in preventing cross-site scripting vulnerabilities on your web applications
During the podcast, Sven also runs a demo to show the effect Content Security Policy directives have when used to protect a web application, and highlights some best practices. Sven also shows how you can use the Netsparker web application security scanner to ensure your Content Security Policy is airtight, or better, hacker tight!
Slides for Content Security Policy Presentation & Demo
Here are the slides Sven used during the presentation and demo of the Content Security Policy.