Jeroen Boersma - CSP: Side effects of making the world a better place

During my work on implementing Content Security Policies I found some nice side effects: headers becoming too large, and nice hacks to still do XSS on Magento websites that disallow evaluated code.

During my work on implementing Content Security Policies I found some nice side effects: headers becoming too large, and nice hacks to still do XSS on Magento websites that disallow evaluated code. It will in a way be a shameless plug for https://github.com/hyva-themes/magento2-optimized-csp-allowlist, but of course we will show with some examples what the risks are: having CSP in place, and the things that can still happen to you...

What will you learn?

You will get more insight into what CSP headers actually enforce, and learn about some things that are wrong with the current implementation of CSP in default Magento.

About Jeroen Boersma

Jeroen Boersma is the security officer for Hyva and former co-owner of elgentos. He has worked with Magento for many years, trying to make the world a better place every day.
