Hashes and Nonces and Violations, Oh My! Everything you need to know about Content Security Policy (CSP)
Track: Web Tools & Complementary Technologies
In this session, Michael will share insights and lessons learned from implementing a Content Security Policy (CSP) on a large government Drupal website. CSP is a critical tool for enhancing web security, but it comes with its own set of challenges—especially when it's added retrospectively to an existing site with extensive analytics and tracking requirements.
We'll start with the basics to get you up and running before delving into the intricacies of the most important directives. Of course, you'll face Drupal-isms, which are a challenge of their own to master, before we conquer the beast that is Google Tag Manager.
By the end of the presentation, attendees will have a solid understanding of what steps they can take to start building their own policy and the tools required to analyse its effectiveness before deployment to production.
We'll start with the basics to get you up and running before delving into the intricacies of the most important directives. Of course, you'll face Drupal-isms, which are a challenge of their own to master, before we conquer the beast that is Google Tag Manager.
By the end of the presentation, attendees will have a solid understanding of what steps they can take to start building their own policy and the tools required to analyse its effectiveness before deployment to production.
Speakers
Michael Strelan
Michael is a veteran Drupal developer, having been involved in Drupal projects since the days of Drupal 5. Throughout his career he has led, delivered and maintained projects across a wide variety of sectors, most prominently Government, Education and Healthcare. Contributing back to Drupal and the Drupal community is something Michael feels strongly about, as well as solving problems and helping others to learn. Outside of work hours, Michael enjoys cycling (hates running), drinking coffee (and beer) and spending time with his family.