A primer on Content Security Policy / References

references.md

A primer on Content Security Policy / References

Slides

https://speakerdeck.com/polarblau/a-primer-on-content-security-policy

CSP

• https://w3c.github.io/webappsec/specs/content-security-policy/
• https://en.wikipedia.org/wiki/Content_Security_Policy
• http://www.cspplayground.com/home

Same origin policy

• http://en.wikipedia.org/wiki/Same-origin_policy
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
• http://www.html5rocks.com/en/tutorials/security/content-security-policy/

XSS and Session hijacking

• https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
• https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
• https://www.owasp.org/index.php/DOM_Based_XSS
• https://www.owasp.org/index.php/Session_hijacking_attack
• https://en.wikipedia.org/wiki/Session_hijacking

Gems

• https://github.com/twitter/secureheaders
• https://github.com/p0deje/content-security-policy/

Image references:

• Burned trash can: http://www.feuerwehr-dorf-erbach.de/
• "Heisse Asche": http://sagen.at/