Content Security Policy (CSP) is a W3C standard designed to prevent and mitigate the impact of content injection vulnerabilities on websites. CSP is supported by all major web browsers and routinely used by thousands of web developers worldwide to improve the security of their web applications. In this paper we review our formalization of a core fragment of CSP, which we fruitfully employed to reason about the security import of flawed CSP implementations and deployments, as well as to perform a longitudinal analysis of how existing policies are evolving as a result of maintenance operations.
Authors: |
Publication date: | 2019
Title: | Semantically Sound Analysis of Content Security Policies
Book title: | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Digital Object Identifier (DOI): | http://dx.doi.org/10.1007/978-3-030-21759-4_18
Appears in categories: | 4.1 Article in conference proceedings
Files in this record:
File | Description | Type | License | |
---|---|---|---|---|
forte19.pdf | Post-print document | Closed access (personal) | Restricted |
Documents in ARCA are protected by copyright and all rights are reserved, unless otherwise indicated.