Content security policy validation
- 1 University of Library and Information technology (UNIBIT)
Abstract
Due to the unstoppable growth of security flaws, the developers need to pay attention and be patient in the integration of security defence in the application development! In most of the cases, they are either uninformed or unqualified of implementing it which cause some huge breaks in the application! There are a lot of documentations/guidelines/tools free for use to help the developers in their work! For the last few years browsers have integrated certain security header controls to support the web application security! In the present research we will present, in our opinion, one of the most important http security response header – the one responsible for the security of the main base of a web application namely the content! Content Security Policy may help in preventing the some of the most vulnerable security attacks (XSS), but in the hand of an unexperienced developer it can breaks the entire application!
Keywords
References
- OWASP, Cross-site scripting
- Content Security Policy Reference, Founder Inc. 2012-2016
- Content Security Policy - An Introduction, Scott Helme, November 2014
- ICT Security Trends, Willian Dimitrov, Sofia, 2017, Avangard, ISBN 978-619-160-766-2
- Software testing, Willian Dimitrov, Sofia, 2017, Avangard, ISBN 978-619-160-765-5
- ICT Security Model, Willian Dimitrov, Sofia, 2018, Avangard, ISBN 978-619-160-950-5
- HTTP SECURITY HEADERS, Lilyana Petkova, March 2019
- Content Security Policy 1.0, Brandon Sterne, Adam Barth, November 2012, W3C
- Content Security Policy 2.0, Mike West, Adam Barth, Dan Veditz, Brandon Sterne, November 2016, W3C
- Content Security Policy 3.0, Mike West, October 2018, W3C
- Content-Security-Policy, Mozilla Developers Network, April 2019
- Content Security Policy, Mozilla Developers Network, April 2019
- 5 Practical Scenarios for XSS Attacks, Satyam Singh, October 2018
- https://caniuse.com, April 2019