Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
WWW
2010
ACM
2010
ACM
Reining in the web with content security policy
The last three years have seen a dramatic increase in both awareness and exploitation of Web Application Vulnerabilities. 2008 and 2009 saw dozens of high-profile attacks against websites using Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) for the purposes of information stealing, website defacement, malware planting, clickjacking, etc. While an ideal solution may be to develop web applications free from any exploitable vulnerabilities, real world security is usually provided in layers. We present content restrictions, and a content restrictions enforcement scheme called Content Security Policy (CSP), which intends to be one such layer. Content restrictions allow site designers or server administrators to specify how content interacts on their web sites—a security mechanism desperately needed by the untamed Web. These content restrictions rules are activated and enforced by supporting web browsers when a policy is provided for a site via HTTP, and we show how a s...
Real-time TrafficContent Restrictions | Content Restrictions Enforcement | Internet Technology | Security | WWW 2010 |
Related Content
| Added | 03 Jul 2010 |
| Updated | 03 Jul 2010 |
| Type | Conference |
| Year | 2010 |
| Where | WWW |
| Authors | Sid Stamm, Brandon Sterne, Gervase Markham |
Comments (0)
Researcher Info
|
