Matches in ScholarlyData for { <https://w3id.org/scholarlydata/inproceedings/www2010/paper/main/901> ?p ?o. }
Showing items 1 to 14 of 14 with 100 items per page.
- 901 creator brandon-sterne.
- 901 creator gervase-markham.
- 901 creator sid-stamm.
- 901 type InProceedings.
- 901 label "Reigning in the Web with Content Security Policy".
- 901 sameAs 901.
- 901 abstract "The last three years have seen a dramatic increase in both awareness and exploitation of Web Application Vulnerabilities. 2008 and 2009 saw dozens of high-profile attacks against websites using Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) for the purposes of information stealing, website defacement, malware planting, clickjacking, etc. While an ideal solution may be to develop web applications free from any exploitable vulnerabilities, real world security is usually provided in layers. We present content restrictions, and a content restrictions enforcement scheme called Content Security Policy (CSP), which intends to be one such layer. Content restrictions allow site designers or server administrators to specify how content interacts on their web sites--a security mechanism desperately needed by the untamed Web. These content restrictions rules are activated and enforced by supporting web browsers when a policy is provided for a site via HTTP, and we show how a system such as CSP can be effective to lock down sites and provide an early alert system for vulnerabilities on a web site. Our scheme is also easily deployed, which is made evident by our prototype implementation in Firefox and on the Mozilla Add-Ons web site.".
- 901 hasAuthorList authorList.
- 901 isPartOf proceedings.
- 901 keyword "Fine-grained sharing".
- 901 keyword "access control".
- 901 keyword "privacy".
- 901 keyword "security".
- 901 title "Reigning in the Web with Content Security Policy".