FRINK Linked Data Fragments server

Matches in SemOpenAlex for { <https://semopenalex.org/work/W2510134782> ?p ?o ?g. }

• W2510134782 abstract "Content Security Policy is a web platform mechanism designed to mitigate cross-site scripting (XSS), the top security vulnerability in modern web applications. In this paper, we take a closer look at the practical benefits of adopting CSP and identify significant flaws in real-world deployments that result in bypasses in 94.72% of all distinct policies. We base our Internet-wide analysis on a search engine corpus of approximately 100 billion pages from over 1 billion hostnames; the result covers CSP deployments on 1,680,867 hosts with 26,011 unique CSP policies -- the most comprehensive study to date. We introduce the security-relevant aspects of the CSP specification and provide an in-depth analysis of its threat model, focusing on XSS protections. We identify three common classes of CSP bypasses and explain how they subvert the security of a policy. We then turn to a quantitative analysis of policies deployed on the Internet in order to understand their security benefits. We observe that 14 out of the 15 domains most commonly whitelisted for loading scripts contain unsafe endpoints; as a consequence, 75.81% of distinct policies use script whitelists that allow attackers to bypass CSP. In total, we find that 94.68% of policies that attempt to limit script execution are ineffective, and that 99.34% of hosts with CSP use policies that offer no benefit against XSS. Finally, we propose the strict-dynamic keyword, an addition to the specification that facilitates the creation of policies based on cryptographic nonces, without relying on domain whitelists. We discuss our experience deploying such a nonce-based policy in a complex application and provide guidance to web authors for improving their policies." @default.
• W2510134782 created "2016-09-16" @default.
• W2510134782 creator A5025256132 @default.
• W2510134782 creator A5037626066 @default.
• W2510134782 creator A5044723728 @default.
• W2510134782 creator A5080377300 @default.
• W2510134782 date "2016-10-24" @default.
• W2510134782 modified "2023-10-17" @default.
• W2510134782 title "CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy" @default.
• W2510134782 cites W1473921560 @default.
• W2510134782 cites W1974977720 @default.
• W2510134782 cites W1990421186 @default.
• W2510134782 cites W1991074244 @default.
• W2510134782 cites W2002447170 @default.
• W2510134782 cites W2049214202 @default.
• W2510134782 cites W2057718232 @default.
• W2510134782 cites W2078238197 @default.
• W2510134782 cites W2085925880 @default.
• W2510134782 cites W2103262407 @default.
• W2510134782 cites W2134646643 @default.
• W2510134782 cites W2156978746 @default.
• W2510134782 cites W2168563136 @default.
• W2510134782 cites W2170920217 @default.
• W2510134782 doi "https://doi.org/10.1145/2976749.2978363" @default.
• W2510134782 hasPublicationYear "2016" @default.
• W2510134782 type Work @default.
• W2510134782 sameAs 2510134782 @default.
• W2510134782 citedByCount "58" @default.
• W2510134782 countsByYear W25101347822017 @default.
• W2510134782 countsByYear W25101347822018 @default.
• W2510134782 countsByYear W25101347822019 @default.
• W2510134782 countsByYear W25101347822020 @default.
• W2510134782 countsByYear W25101347822021 @default.
• W2510134782 countsByYear W25101347822022 @default.
• W2510134782 countsByYear W25101347822023 @default.
• W2510134782 crossrefType "proceedings-article" @default.
• W2510134782 hasAuthorship W2510134782A5025256132 @default.
• W2510134782 hasAuthorship W2510134782A5037626066 @default.
• W2510134782 hasAuthorship W2510134782A5044723728 @default.
• W2510134782 hasAuthorship W2510134782A5080377300 @default.
• W2510134782 hasBestOaLocation W25101347821 @default.
• W2510134782 hasConcept C100158260 @default.
• W2510134782 hasConcept C110875604 @default.
• W2510134782 hasConcept C111919701 @default.
• W2510134782 hasConcept C136764020 @default.
• W2510134782 hasConcept C140547941 @default.
• W2510134782 hasConcept C148730421 @default.
• W2510134782 hasConcept C154908896 @default.
• W2510134782 hasConcept C18903297 @default.
• W2510134782 hasConcept C206588197 @default.
• W2510134782 hasConcept C21959979 @default.
• W2510134782 hasConcept C22111027 @default.
• W2510134782 hasConcept C29983905 @default.
• W2510134782 hasConcept C38652104 @default.
• W2510134782 hasConcept C39569185 @default.
• W2510134782 hasConcept C41008148 @default.
• W2510134782 hasConcept C527648132 @default.
• W2510134782 hasConcept C59241245 @default.
• W2510134782 hasConcept C61423126 @default.
• W2510134782 hasConcept C79373723 @default.
• W2510134782 hasConcept C86803240 @default.
• W2510134782 hasConcept C9996903 @default.
• W2510134782 hasConceptScore W2510134782C100158260 @default.
• W2510134782 hasConceptScore W2510134782C110875604 @default.
• W2510134782 hasConceptScore W2510134782C111919701 @default.
• W2510134782 hasConceptScore W2510134782C136764020 @default.
• W2510134782 hasConceptScore W2510134782C140547941 @default.
• W2510134782 hasConceptScore W2510134782C148730421 @default.
• W2510134782 hasConceptScore W2510134782C154908896 @default.
• W2510134782 hasConceptScore W2510134782C18903297 @default.
• W2510134782 hasConceptScore W2510134782C206588197 @default.
• W2510134782 hasConceptScore W2510134782C21959979 @default.
• W2510134782 hasConceptScore W2510134782C22111027 @default.
• W2510134782 hasConceptScore W2510134782C29983905 @default.
• W2510134782 hasConceptScore W2510134782C38652104 @default.
• W2510134782 hasConceptScore W2510134782C39569185 @default.
• W2510134782 hasConceptScore W2510134782C41008148 @default.
• W2510134782 hasConceptScore W2510134782C527648132 @default.
• W2510134782 hasConceptScore W2510134782C59241245 @default.
• W2510134782 hasConceptScore W2510134782C61423126 @default.
• W2510134782 hasConceptScore W2510134782C79373723 @default.
• W2510134782 hasConceptScore W2510134782C86803240 @default.
• W2510134782 hasConceptScore W2510134782C9996903 @default.
• W2510134782 hasLocation W25101347821 @default.
• W2510134782 hasOpenAccess W2510134782 @default.
• W2510134782 hasPrimaryLocation W25101347821 @default.
• W2510134782 hasRelatedWork W1990297896 @default.
• W2510134782 hasRelatedWork W2059725703 @default.
• W2510134782 hasRelatedWork W2095563685 @default.
• W2510134782 hasRelatedWork W2313055692 @default.
• W2510134782 hasRelatedWork W2510134782 @default.
• W2510134782 hasRelatedWork W2735662051 @default.
• W2510134782 hasRelatedWork W2800487524 @default.
• W2510134782 hasRelatedWork W3022702682 @default.
• W2510134782 hasRelatedWork W4234870697 @default.
• W2510134782 hasRelatedWork W2187721372 @default.
• W2510134782 isParatext "false" @default.
• W2510134782 isRetracted "false" @default.
• W2510134782 magId "2510134782" @default.
• W2510134782 workType "article" @default.