Lucas Estevão

Lucas is a proud dad and kickboxing brown belt. He has over 15 years of experience in large-scale software development, from system design and architecture to engineering management of front-end teams. In addition, he invests time in influencing technical recruitment processes, mentoring engineers, and, most recently, hosting a career podcast in Brazilian Portuguese. He currently works at Apple as a contractor from Avenue Code.
Content Security Policy with Next.js: Leveling Up your Website's Security
React Summit US 2023
9 min
In this talk, we'll explore the powerful security feature of Content Security Policy (CSP) and how it can be implemented in Next.js to bolster your website's defenses against common web attacks like Cross-Site Scripting (XSS) and data injection. We'll cover the basics of CSP, its benefits, and best practices for implementing it in Next.js. 
Additionally, we'll share some tools to evaluate and test your policy. By the end of this talk, you'll have a solid understanding of how to level up your website's security with CSP and protect your users from the ever-present threats of the modern web.
Shield Your Next.js App With a Content Security Policy
React Advanced 2023
6 min
Learn why you should care about Content Security Policy (CSP) and how to implement it in a Next.js application to level up your security layer. Understand CSP basics, directives, and their role in thwarting web attacks. Moving on to Next.js, the session will delve into implementation details, covering the "nonce" hashes for inline scripts using middleware and common strategy pitfalls. By the end of the session, participants will be equipped with the knowledge and skills to implement and evaluate a robust CSP policy in Next.js, leveraging its latest features from version 13, effectively safeguarding their web applications against online attacks.