Explore the effectiveness of Content Security Policy (CSP) in real-world scenarios through this conference talk presented at CCS 2016. Delve into the intricacies of CSP, examining its implementation, browser support, and potential inconsistencies. Analyze the adoption rates, configuration practices, and the evolution of CSP deployment. Gain insights into harsh policies and their impact on cross-site scripting (XSS) vulnerabilities. Learn about the research goals, methodologies, and key findings presented by authors from Università Ca' Foscari Venezia, offering a comprehensive evaluation of CSP's role in addressing content security problems.
Evaluating the Effectiveness of Content Security Policy in the Wild
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Intro
Content Security Policy
Example
More on Inline Scripts
Research Goals
] Browser Support for CSP
] Enforcing Multiple Policies
[RQ1] Inconsistent Behaviours
Adoption of CSP
] Main Findings
] Configuration of CSP
] Harsh Policies
[RQ3] Defining Weakness to XSS
[RQ3] Weakness to XSS
] Evolution of CSP Deployment
Taught by
ACM CCS
Related Courses
-
Defeating Cross-site Scripting with Content Security Policy 2
-
Roadblocks for Content Security Policy (CSP) Implementation - Developer Challenges and Solutions
-
Fixing XSS with Content Security Policy
-
CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy
-
Fixing XSS with Content Security Policy
-
Are You Botching the Security of Your AngularJS Application
