International Scientific Journals
of Scientific Technical Union of Mechanical Engineering "Industry 4.0"

The unstoppable growth of security flaws makes the developers more patient in integrating different security defenses in the application development! Most of the security breaches are due to uninformed or unqualified developers! The good part is that Internet provides a large amount of rules/documentations/guidelines/tools free for use to help the developers in their work! But as the coin has two sides each web application needs to provide two parts of security flaws protection. The first level of defense is the well known protection from the outside world, called user input validation! And the second side is to ensure that the application works without a problem! Which means to protect it from inside out by integrating what is called code contracts! Even thought those two types of protection have similar purposes there is a difference which we are going to present in the research!

Due to the unstoppable growth of security flaws, the developers need to pay attention and be patient in the integration of security defence in the application development! In most of the cases, they are either uninformed or unqualified of implementing it which cause some huge breaks in the application! There are a lot of documentations/guidelines/tools free for use to help the developers in their work! For the last few years browsers have integrated certain security header controls to support the web application security! In the present research we will present, in our opinion, one of the most important http security response header – the one responsible for the security of the main base of a web application namely the content! Content Security Policy may help in preventing the some of the most vulnerable security attacks (XSS), but in the hand of an unexperienced developer it can breaks the entire application!