How to Generate Content Security Policy like the pros!

NOTICE: RapidSec was acquired by Orca Security, and the product has been discontinued. We're leaving this video live for education purposes only. Good luck with your CSP.

An end-to-end walkthrough of building a strict CSP using SHA hashes - the same technique that Stripe are using to protect their website.
00:00 Introduction: how to generate a strong SHA-based CSP
00:32 Review of Stripe's SHA-based Content Security Policy
01:13 Broken marketing scripts with existing CSP setup
01:34 Set up a RapidSec account
01:52 Create a RapidSec Project
02:39 Manually setting the generated content security policy locally in Report-Only mode
02:59 Running the initial policy to create violations and get initial data
03:40 Approve your first CSP packages and build the first CSP version
04:41 After setting the package CSP, allow custom directive rules
05:12 Eliminating 'unsafe-inline' with SHA hashes
06:24 Setting the style and content directives
07:50 Deploying the full Report-Only CSP, and moving to Enforce Mode!
11:02 Conclusion and wrap-up!

CSP Scanner Walkthrough:
   • CSP Scanner: Test, Analyze & Evaluate...  
