Automatic generation of content security policy to mitigate cross site scripting
Content Security Policy (CSP) is powerful client-side security layer that helps in mitigating and detecting wide ranges of web attacks including cross-site scripting (XSS). However, utilizing CSP by site administrators is a fallible process and may require significant changes in web application code...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
IEEE
2016
|
| Online Access: | http://psasir.upm.edu.my/id/eprint/56016/1/Automatic%20generation%20of%20content%20security%20policy%20to%20mitigate%20cross%20site%20scripting.pdf http://psasir.upm.edu.my/id/eprint/56016/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| id |
my.upm.eprints.56016 |
|---|---|
| record_format |
eprints |
| spelling |
my.upm.eprints.560162017-07-03T09:28:26Z http://psasir.upm.edu.my/id/eprint/56016/ Automatic generation of content security policy to mitigate cross site scripting Mhana, Samer Attallah Din, Jamilah Atan, Rodziah Content Security Policy (CSP) is powerful client-side security layer that helps in mitigating and detecting wide ranges of web attacks including cross-site scripting (XSS). However, utilizing CSP by site administrators is a fallible process and may require significant changes in web application code. In this paper, we propose an approach to help site administers to overcome these limitations in order to utilize the full benefits of CSP mechanism which leads to more immune sites from XSS. The algorithm is implemented as a plugin. It does not interfere with the web application original code. The plugin can be 'installed' on any other web application with minimum efforts. The algorithm can be implemented as part of Web Server layer, not as part of the business logic layer. It can be extended to support generating CSP for contents that are modified by JavaScript after loading. Current approach inspects the static contents of URLs. IEEE 2016 Conference or Workshop Item PeerReviewed application/pdf en http://psasir.upm.edu.my/id/eprint/56016/1/Automatic%20generation%20of%20content%20security%20policy%20to%20mitigate%20cross%20site%20scripting.pdf Mhana, Samer Attallah and Din, Jamilah and Atan, Rodziah (2016) Automatic generation of content security policy to mitigate cross site scripting. In: 2016 2nd International Conference on Science in Information Technology (ICSITech), 26-27 Oct. 2016, Balikpapan, Indonesia. (pp. 324-328). 10.1109/ICSITech.2016.7852656 |
| institution |
Universiti Putra Malaysia |
| building |
UPM Library |
| collection |
Institutional Repository |
| continent |
Asia |
| country |
Malaysia |
| content_provider |
Universiti Putra Malaysia |
| content_source |
UPM Institutional Repository |
| url_provider |
http://psasir.upm.edu.my/ |
| language |
English |
| description |
Content Security Policy (CSP) is powerful client-side security layer that helps in mitigating and detecting wide ranges of web attacks including cross-site scripting (XSS). However, utilizing CSP by site administrators is a fallible process and may require significant changes in web application code. In this paper, we propose an approach to help site administers to overcome these limitations in order to utilize the full benefits of CSP mechanism which leads to more immune sites from XSS. The algorithm is implemented as a plugin. It does not interfere with the web application original code. The plugin can be 'installed' on any other web application with minimum efforts. The algorithm can be implemented as part of Web Server layer, not as part of the business logic layer. It can be extended to support generating CSP for contents that are modified by JavaScript after loading. Current approach inspects the static contents of URLs. |
| format |
Conference or Workshop Item |
| author |
Mhana, Samer Attallah Din, Jamilah Atan, Rodziah |
| spellingShingle |
Mhana, Samer Attallah Din, Jamilah Atan, Rodziah Automatic generation of content security policy to mitigate cross site scripting |
| author_facet |
Mhana, Samer Attallah Din, Jamilah Atan, Rodziah |
| author_sort |
Mhana, Samer Attallah |
| title |
Automatic generation of content security policy to mitigate cross site scripting |
| title_short |
Automatic generation of content security policy to mitigate cross site scripting |
| title_full |
Automatic generation of content security policy to mitigate cross site scripting |
| title_fullStr |
Automatic generation of content security policy to mitigate cross site scripting |
| title_full_unstemmed |
Automatic generation of content security policy to mitigate cross site scripting |
| title_sort |
automatic generation of content security policy to mitigate cross site scripting |
| publisher |
IEEE |
| publishDate |
2016 |
| url |
http://psasir.upm.edu.my/id/eprint/56016/1/Automatic%20generation%20of%20content%20security%20policy%20to%20mitigate%20cross%20site%20scripting.pdf http://psasir.upm.edu.my/id/eprint/56016/ |
| _version_ |
1643836065975369728 |
| score |
13.160551 |