Content-Security-Policy: An Introduction
Content-Security-Policy (CSP) is a major control for protecting against Cross-Site Scripting attacks. This video covers both the offensive and defensive perspectives of Content-Security-Policy implementations for your application.
Code for the example app: https://github.com/we45/csp-flask
Code for the presentation: https://github.com/we45/AppSecEngineerCSPIntro