How to Implement a Content Security Policy (CSP)

Summary:

In this episode of the Exploring Information Security podcast, host Timothy De Block sits down with Jason Gillam, long-time developer turned penetration tester and partner at Secure Ideas. The two dive into the real-world value of Content Security Policy (CSP) and why it remains one of the most underutilized tools in web application defense.

Jason shares insights from his upcoming talk at ShowMeCon 2025, including surprising statistics from his analysis of over 750,000 domains, where he found that most CSPs are either missing or misconfigured. He breaks down how CSP works, its role in protecting against injection attacks, and strategies for implementing it properly using nonces, hashes, and report-only modes.

They also discuss:

• The challenges of educating developers on CSP

• CSP vs. WAF and where each fits in the security stack

• How AI and CI/CD can support secure CSP deployment

• The importance of building security into code rather than bolting it on later

Whether you're a developer, security professional, or somewhere in between, this episode offers practical and actionable advice on improving your web application security posture.

Mentioned Resources:

• OWASP CSP Cheat Sheet

• Google CSP Evaluator

Use the promo code “ExploringSec” to get $50 off your registration

Showmecon Links and Resources:

• Learn more about ShowMeCon: showmecon.com

• Register for Training or the Conference: Registration Link

• Event Venue and Room Block Information: Ameristar Casino & Resort

• Connect with the Founder of ShowMeCon Dave Chronister: LinkedIn Profile

• Connect with the Head Organizer for ShowMeCon Brooke Deneen: LinkedIn Profile

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]

Subscribe

Sign up with your email address to receive news and updates.

Email Address

newsletter-form-button

sqs-system-button

sqs-editable-button-layout

sqs-editable-button-style

sqs-editable-button-shape

sqs-button-element--primary

" type="submit" value="Sign Up">

Sign Up

We respect your privacy.

Thank you!