Visible to the public Biblio

Filters: Author is Spagnuolo, M.  [Clear All Filters]
2017-11-20
Weichselbaum, L., Spagnuolo, M., Janc, A..  2016.  Adopting Strict Content Security Policy for XSS Protection. 2016 IEEE Cybersecurity Development (SecDev). :149–149.

Content Security Policy is a mechanism designed to prevent the exploitation of XSS – the most common high-risk web application flaw. CSP restricts which scripts can be executed by allowing developers to define valid script sources; an attacker with a content-injection flaw should not be able to force the browser to execute arbitrary malicious scripts. Currently, CSP is commonly used in conjunction with domain-based script whitelist, where the existence of a single unsafe endpoint in the script whitelist effectively removes the value of the policy as a protection against XSS ( some examples ).