[Pluralsight] Defeating Cross-site Scripting with Content Security Policy
Defeating Cross-site Scripting with Content Security Policy

Defeating Cross-site Scripting with Content Security Policy

image description

Course Description

Content Security Policy (CSP) is a W3C standard that limits what a browser may do, which helps prevent many common attacks, including Cross-site Scripting. This course will teach you all relevant CSP features and which browsers they work in. Cross-site scripting (XSS) is one of the major threats against web applications, with successful attacks every day. In this course, Defeating Cross-site Scripting with Content Security Policy, you'll learn how to put an end to this and other threats against your applications. First, you'll learn about the W3C standard Content Security Policy (CSP), which versions exist and features they bring. Next, you'll develop an understanding of how CSP restricts what content the browser is allowed to load and execute. Finally, you'll explore exactly how to use this approach to secure your sites. When you're finished with this course, you'll be ready to apply CSP to your web applications, and protect them from XSS and other attacks.

What you will learn

Hi everyone! My name is Christian Wenz, and welcome to my course, Defeating Cross-site Scripting with Content Security Policy. I'm an independent developer and architect and support many companies in everything web including web performance and web application security. Almost 20 years ago, I first encountered cross-site scripting. Back then I thought it was a good thing for me because it helped me circumvent a security restriction in an application I had to work with. Now, of course, I know better. Yet cross-site scripting seems hard to beat. The attack as widespread as ever until now because in this course, we're going to fight cross-site scripting and some other attacks with Content Security Policy, a World Wide Web Consortium standard supported by most browsers that limits what a browser can do. Among other things, we can restrict which JavaScript code may be loaded and executed making cross-site scripting virtually impossible. Some of the major topics that we will cover include setting up a Content Security Policy learning about all the available options, which versions of Content Security Policy exist and what features they offer, understanding Content Security Policy browser support and how to maintain backwards compatibility with older versions, and testing and maintaining a policy. By the end of this course, you will know how to get the most out of Content Security Policy and how to implement this standard for your web applications. No prior knowledge is required, but it would be helpful if you have worked with any server technology such as ASP. NET or PHP. I hope you'll join me on this journey with the Defeating Cross-site Scripting with Content Security Policy course at Pluralsight.

Curriculum

Section 1: Course Overview

Section 2: Getting Started

Section 3: Implementing CSP for Everyone: Version 1

Section 4: Leveraging Advanced Content Security Policy Features: Version 2

Section 5: Getting Applications Ready for Content Security Policy

Section 6: Looking Forward: Upcoming Features in CSP 3