Abstract

Content Security Policy (CSP) is one of the most promising countermeasures against XSS, but it should follow some best practices, otherwise security smells (i.e., recurring coding patterns that are indicative of security weakness) may appear. Among the most important CSP best practices is to not allow the use of unsafe-inline and unsafe-eval policies. The method disclosed here adds innovative aspects to the current state-of-the-art to provide automatic means of getting rid of unsafe policies in CSP.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Share Alike 4.0 License.

Recommended Citation

INC, HP, "AUTOMATICALLY FIXING SECURITY SMELLS IN CONTENT SECURITY POLICIES (CSP) FOR WEB APPLICATIONS", Technical Disclosure Commons, (February 16, 2021)
https://www.tdcommons.org/dpubs_series/4073

Download

COinS

Technical Disclosure Commons

Defensive Publications Series

AUTOMATICALLY FIXING SECURITY SMELLS IN CONTENT SECURITY POLICIES (CSP) FOR WEB APPLICATIONS

Abstract

Creative Commons License

Recommended Citation

Browse

Search

Submit

Additional Information

Technical Disclosure Commons

Defensive Publications Series

AUTOMATICALLY FIXING SECURITY SMELLS IN CONTENT SECURITY POLICIES (CSP) FOR WEB APPLICATIONS

Inventor(s)

Abstract

Creative Commons License

Recommended Citation

Share

Browse

Search

Submit

Additional Information