If unexpected inline JavaScript were added to a WYSIWYG field on your site, would you know? If one of your JavaScript dependencies were altered to harvest sensitive form data, could you prevent it?
Content Security Policy is a new layer in web security that protects your site and your users from security and privacy risks such as cross-site scripting (XSS), content injection, and data exfiltration. The Content-Security-Policy module leverages Drupal 8’s libraries system to make this tool more easily available to every Drupal site.
This session will cover:
- The most prominent risks and the Content Security Policy options available to address them.
- The current state of the Content Security Policy spec, and current browser support.
- The legacy headers that Content Security Policy replaces.
- How to safely implement and monitor the effectiveness of a policy.
- The roadblocks that current modules, frontend libraries, and third-party services present.
- Further hardening techniques for complex sites.
- Additional browser features for improving security and monitoring end-user issues on your site.
This session is useful for site builders and developers. Attendees should walk away with the core knowledge required to implement and monitor a Content Security Policy for their website.