In this episode of the Exploring Information Security podcast, host Timothy De Block sits down with Jason Gillam, long-time developer turned penetration tester and partner at Secure Ideas. The two dive into the real-world value of Content Security Policy (CSP) and why it remains one of the most underutilized tools in web application defense.
Jason shares insights from his upcoming talk at ShowMeCon 2025, including surprising statistics from his analysis of over 750,000 domains, where he found that most CSPs are either missing or misconfigured. He breaks down how CSP works, its role in protecting against injection attacks, and strategies for implementing it properly using nonces, hashes, and report-only modes.
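As an added illustration of the three mechanisms the summary names (nonces, hashes and report-only mode), the following Python is example code written for this page; it is not code from the episode, from Secure Ideas or from the tools linked below. The report endpoint path and the small set of misconfiguration checks at the end are assumptions made for the example, and the checks go slightly beyond the summary by flagging the common weak patterns (wildcards, `'unsafe-inline'` without a nonce or hash, an unlocked `object-src`, a missing `base-uri`) that a CSP review typically looks for.

```python
import base64
import hashlib
import secrets


def make_nonce() -> str:
    # A fresh, unguessable nonce per response; 128 bits, base64-encoded as CSP expects.
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")


def script_hash(source: str) -> str:
    # Hash of the exact inline script text (between the <script> tags, whitespace included).
    digest = hashlib.sha256(source.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def build_policy(nonce: str, inline_hashes, report_path: str = "/csp-report") -> str:
    # Nonce-based policy with hashes for the inline scripts that cannot carry a nonce.
    # report_path is an assumed endpoint; any collector that accepts CSP reports works.
    script_src = ["'self'", f"'nonce-{nonce}'"]
    script_src += [f"'{h}'" for h in inline_hashes]
    script_src.append("'strict-dynamic'")  # trust scripts loaded by nonced/hashed ones
    directives = {
        "default-src": ["'self'"],
        "script-src": script_src,
        "object-src": ["'none'"],
        "base-uri": ["'self'"],
        "report-uri": [report_path],
    }
    return "; ".join(f"{name} {' '.join(values)}" for name, values in directives.items())


def csp_headers(policy: str, enforce: bool = False) -> dict:
    # Report-only first: violations are reported but nothing is blocked, so a policy
    # can be tuned against real traffic before it is switched to enforcing.
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return {name: policy}


def parse_policy(policy: str) -> dict:
    # Split a policy string into {directive: [source expressions]}.
    parsed = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            parsed[tokens[0].lower()] = tokens[1:]
    return parsed


def weaknesses(policy: str) -> list:
    # Assumed review checks for the weak patterns that make a CSP ineffective.
    d = parse_policy(policy)
    findings = []
    scripts = d.get("script-src", d.get("default-src"))
    if scripts is None:
        findings.append("no script-src or default-src: script loading is unrestricted")
    else:
        has_nonce_or_hash = any(t.startswith("'nonce-") or t.startswith("'sha") for t in scripts)
        if "'unsafe-inline'" in scripts and not has_nonce_or_hash:
            findings.append("script-src allows 'unsafe-inline' with no nonce or hash")
        if "*" in scripts or any(t.endswith(":") for t in scripts):
            findings.append("script-src allows a wildcard or whole scheme")
    objects = d.get("object-src", d.get("default-src"))
    if objects is None or "'none'" not in objects:
        findings.append("object-src is not locked down to 'none'")
    if "base-uri" not in d:
        findings.append("base-uri missing: <base> injection could redirect relative script URLs")
    return findings


if __name__ == "__main__":
    nonce = make_nonce()
    inline = script_hash('console.log("inline bootstrap")')
    policy = build_policy(nonce, [inline])
    print(csp_headers(policy, enforce=False))
    print(weaknesses(policy))                                   # expected: []
    print(weaknesses("default-src *; script-src * 'unsafe-inline'"))
```

The constructed weak policy in the last line is the shape found on many sites: a wildcard plus `'unsafe-inline'`, which permits exactly the injected inline script CSP is meant to stop. The built policy, by contrast, only runs scripts that carry the per-response nonce or match a precomputed hash, and it ships as report-only until the report endpoint shows no legitimate breakage.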
They also discuss:
The challenges of educating developers on CSP
CSP vs. WAF and where each fits in the security stack
How AI and CI/CD can support secure CSP deployment
The importance of building security into code rather than bolting it on later
Whether you're a developer, security professional, or somewhere in between, this episode offers practical and actionable advice on improving your web application security posture.
Mentioned Resources: OWASP CSP Cheat Sheet
Google CSP Evaluator
Use the promo code “ExploringSec” to get $50 off your registration
ShowMeCon Links and Resources: Learn more about ShowMeCon: showmecon.com
Register for Training or the Conference: Registration Link
Event Venue and Room Block Information: Ameristar Casino & Resort
Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile
Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile
Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.
Contact Information: Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.
Check out our services page and reach out if you see any services that fit your needs.
Social Media Links: [RSS Feed] [iTunes] [LinkedIn] [YouTube]