Content Security Policies (CSP) are a powerful safety feature of the modern web. This video aims to lay a foundation for anyone to add a CSP to their web applications.
In this video, we're going to take a look at content security policy, what it is, why you need it, and how to create a content security policy using the OWASP Content Security Policy Template.
If you work with web applications or have any sort of online presence, you need to know about content security policy. This video explains it in easy-to-understand terms, including why you need it, how to create a content security policy, and how to protect your web applications with it.
One note that isn't as clear in the video – the directives are universal and can also be added to meta tag-based CSPs if one does not have access to the server.
Have more thoughts? Leave a comment or @-me on / tejaskumar_
More resources:
OWASP Cheat Sheet: https://cheatsheetseries.owasp.org/ch...
Complete list of CSP directives: https://developer.mozilla.org/en-US/d...
Chapters:
00:00 Intro
00:08 Why Should I Care?
01:00 Where Do I Add One?
01:12 1. HTTP Headers
01:36 2. Meta Tag
01:43 3. manifest.json
01:59 How Do I Add One to a Web App?
03:42 (Demo) Implementing a Content Security Policy
04:10 Report-Only Mode for Iterative Development
04:42 Sending Content Security Policy Reports
05:13 Conclusion