Mitigating Cross-Site Scripting Attacks with a Content Security Policy

Cited by: 15
Authors
Yusof, Imran [1]
Pathan, Al-Sakib Khan [2]
Affiliations
[1] Int Islamic Univ Malaysia, Kulliyyah Informat & Commun Technol, Kuala Lumpur, Malaysia
[2] Int Islamic Univ Malaysia, Dept Comp Sci, Kuala Lumpur, Malaysia
Keywords
Browsers; Computer security; Content management; Payloads; Loading; Uniform resource locators; Media; Web services; Internet; Web vulnerabilities; security; Web technology; content security policy; CSP; cross-site scripting; XSS; Web applications;
DOI
10.1109/MC.2016.76
Chinese Library Classification number
TP3 [Computing technology, computer technology];
Discipline classification code
0812;
Abstract
A content security policy (CSP) can help Web application developers and server administrators better control website content and avoid vulnerabilities to cross-site scripting (XSS). In experiments with a prototype website, the authors' CSP implementation successfully mitigated all XSS attack types in four popular browsers. © 2016 IEEE.
Pages: 56 / 63
Page count: 8