Adopting Strict Content Security Policy for XSS Protection
Publication Type | Conference Paper |
Year of Publication | 2016 |
Authors | Weichselbaum, L., Spagnuolo, M., Janc, A. |
Conference Name | 2016 IEEE Cybersecurity Development (SecDev) |
Date Published | nov |
ISBN Number | 978-1-5090-5589-0 |
Keywords | Collaboration, computer security, Conferences, content security policy, content-injection flaw, CSP, data protection, Google, governance, Government, Internet, Licenses, policy, policy-based governance, Production, pubcrawl, script source, security of data, security policies, Tutorials, Web application flaw, XSS protection |
Abstract | Content Security Policy is a mechanism designed to prevent the exploitation of XSS - the most common high-risk web application flaw. CSP restricts which scripts can be executed by allowing developers to define valid script sources; an attacker with a content-injection flaw should not be able to force the browser to execute arbitrary malicious scripts. Currently, CSP is commonly used in conjunction with a domain-based script whitelist, where the existence of a single unsafe endpoint in the script whitelist effectively removes the value of the policy as a protection against XSS (some examples). |
URL | https://ieeexplore.ieee.org/document/7839808/ |
DOI | 10.1109/SecDev.2016.039 |
Citation Key | weichselbaum_adopting_2016 |