Re: CSP Transition Tools from John Wong on 2014-01-14 (public-webappsec@w3.org from January 2014)

From: John Wong <gokoproject@gmail.com>
Date: Mon, 13 Jan 2014 20:59:43 -0500
To: Garrett Robinson <grobinson@mozilla.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <CACCLA54Nvy=Ly+vTAZQ56fPZbed0-KX4Ei5aZVAX45CygSVjnw@mail.gmail.com>

This talk was given in this year's AppSec USA. Might be useful.
https://www.youtube.com/watch?v=9V64zQi2pX0
The deck should be here:
https://github.com/SendSafely/Presentations/blob/master/AppSec%20USA%202013/Pushing%20CSP%20to%20Prod%20-%20AppSec%20USA%202013.pdf?raw=true

On Mon, Jan 13, 2014 at 5:26 PM, Garrett Robinson <grobinson@mozilla.com>wrote:

> Hey webappsec!
>
> I'm working on encouraging some large site operators to transition to
> using CSP. As we know, the process of transitioning is not easy,
> especially on large, established sites with lots of inline code. I want
> to give them some advice about techniques and tools they can use to make
> this process easier.
>
> If you've transitioned a site (especially a large and/or complex one) to
> use CSP, please consider sharing your process, tools, and any lessons
> learned! I'd love to build an inventory that we could maybe turn into a
> document to help site operators transition.
>
> -Garrett
>
>

Received on Tuesday, 14 January 2014 02:00:11 UTC