scholarly journals A systematic study of content security policy in web applications

2016 ◽  
Vol 9 (16) ◽  
pp. 3570-3584 ◽  
Author(s):  
Shukai Liu ◽  
Xuexiong Yan ◽  
Qingxian Wang ◽  
Qi Xi
Keyword(s):  
Systematic Study ◽  
Security Policy ◽  
Web Applications ◽  
Content Security

scholarly journals A Protection Mechanism against Malicious HTML and JavaScript Code in Vulnerable Web Applications

2016 ◽  
Vol 2016 ◽  
pp. 1-14
Author(s):  
Shukai Liu ◽  
Xuexiong Yan ◽  
Qingxian Wang ◽  
Xu Zhao ◽  
Chuansen Chai ◽  
...  
Keyword(s):  
High Risk ◽  
Real World ◽  
Web Applications ◽  
Web Pages ◽  
Web Browsers ◽  
Test Results ◽  
Code Size ◽  
Protection Mechanism ◽  
High Profile ◽  
Content Security

The high-profile attacks of malicious HTML and JavaScript code have seen a dramatic increase in both awareness and exploitation in recent years. Unfortunately, exiting security mechanisms provide no enough protection. We propose a new protection mechanism named PMHJ based on the support of both web applications and web browsers against malicious HTML and JavaScript code in vulnerable web applications. PMHJ prevents the injection attack of HTML elements with a random attribute value and the node-split attack by an attribute with the hash value of the HTML element. PMHJ ensures the content security in web pages by verifying HTML elements, confining the insecure HTML usages which can be exploited by attackers, and disabling the JavaScript APIs which may incur injection vulnerabilities. PMHJ provides a flexible way to rein the high-risk JavaScript APIs with powerful ability according to the principle of least authority. The PMHJ policy is easy to be deployed into real-world web applications. The test results show that PMHJ has little influence on the run time and code size of web pages.

Adopting Strict Content Security Policy for XSS Protection

2016 ◽  
Author(s):  
Lukas Weichselbaum ◽  
Michele Spagnuolo ◽  
Artur Janc
Keyword(s):  
Security Policy ◽  
Content Security

Script-templates for the Content Security Policy

2014 ◽  
Vol 19 (3) ◽  
pp. 209-223 ◽  
Author(s):  
Martin Johns
Keyword(s):  
Security Policy ◽  
Content Security

scholarly journals Inlined monitors for security policy enforcement in web applications

2013 ◽  
Author(s):  
Fotios Rafailidis ◽  
Ioannis Panagos ◽  
Panagiotis Katsaros ◽  
Alexandros Arvanitidis
Keyword(s):  
Security Policy ◽  
Web Applications ◽  
Policy Enforcement
Sign in / Sign up

Export Citation Format

Share Document