Podcast on CSP - The Last Line of XSS Defense

Category: Web Security Readings - Last Updated: Tue, 05 Dec 2017 - by Robert Abela

Scanning a web application for vulnerabilities and ensuring it is secure is an essential task in every web application development project. But there are other things you can leverage to improve the security posture of your web applications, such as Content Security Policy (CSP).

Watch our Security Researcher, Sven Morgenroth, deliver a presentation and demo about the CSP during episode #536 of Paul’s Security Weekly. During the podcast Sven does the following:

  • Explains what CSP is
  • Explains some CSP directives and how to use them
  • Shows some of the most common mistakes one can make when configuring CSP,
  • Explains how CSP helps in preventing Cross-site Scripting vulnerabilities on your web applications

During the podcast, Sven also runs a demo to show the effect Content Security Policy directives have when used to protect a web application, and highlights some best practices. Sven also shows how you can use the Netsparker web application security scanner to ensure your Content Security Policy is airtight, or better, hacker tight!

Slides for Content Security Policy Presentation & Demo

Here are the slides Sven used during the presentation and demo of the Content Security Policy.


Keep up with the latest web security
content with weekly updates.