Evaluating website security: a study on content security policy implementation

Fernandes de Oliveira, Isabella
Ren, Mengxia
Date: 2024-04
Abstract
Content Security Policies (CSPs) are a key defense against cross-site scripting (XSS) and unauthorized manipulation of the resources a page loads. This study investigates CSP implementation across the top 100 websites in the TRANCO list, focusing on how resilient each policy is to externally injected content. Our analysis reveals that over 50% of the domains lack adequate protection against XSS even though they deploy a CSP. Recurring weaknesses include the use of the 'unsafe-inline' source keyword in script-governing directives, which permits any injected inline script to run, and reliance on allowlist (host-based) policies rather than nonce-based alternatives. These findings highlight the need for a comprehensive CSP approach that prioritizes control over script execution and resource loading. Strategies to strengthen website security through stricter CSP configurations are discussed, emphasizing nonce-based script sources and complete directive coverage.
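To make the abstract's evaluation criteria concrete, the following is an added example written for this page; it is not code from the study or its authors. It parses a Content-Security-Policy header, works out which directive actually governs script execution (script-src, falling back to default-src), and classifies the policy as unprotected, allowlist-based, or nonce/hash-based, flagging 'unsafe-inline' without a nonce or hash, scheme-wide sources such as https: without 'strict-dynamic', and 'unsafe-eval'. The sample headers, the function names, and the "restricts_scripts" verdict rule are all assumptions made for this example, not the study's exact scoring method.

```python
"""Classify a CSP header by whether it genuinely restricts script execution.

Sample headers below are constructed for this example; they were not
observed on any site in the study.
"""
from typing import Dict, List, Optional

WEAK_POLICY = (
    "default-src 'self'; "
    "script-src 'self' https://cdn.example.com 'unsafe-inline'"
)
# Nonce plus 'strict-dynamic'; the trailing 'unsafe-inline' and https: are
# the usual backwards-compatibility fallbacks and are ignored by CSP Level 3
# browsers once a nonce is present.
STRICT_POLICY = (
    "script-src 'nonce-dGVzdA==' 'strict-dynamic' https: 'unsafe-inline'; "
    "object-src 'none'; base-uri 'none'"
)
NO_SCRIPT_POLICY = "img-src 'self'; style-src 'self' 'unsafe-inline'"

NONCE_OR_HASH_PREFIXES = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")
SCHEME_WIDE_SOURCES = {"*", "http:", "https:", "data:"}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a header into {directive: [source expressions]}.

    Directives are ';'-separated and their names are case-insensitive.
    Per the CSP specification, the first occurrence of a directive wins and
    later duplicates are ignored, so a second 'script-src *' cannot loosen
    an earlier one.
    """
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        if name in policy:
            continue
        policy[name] = tokens[1:]
    return policy


def script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs scripts; default-src is the fallback; with
    neither present, script loading and execution are unrestricted."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def assess_script_protection(header: str) -> Dict[str, object]:
    """Return {'restricts_scripts': bool, 'style': str, 'findings': [str]}."""
    sources = script_sources(parse_csp(header))
    if sources is None:
        return {
            "restricts_scripts": False,
            "style": "none",
            "findings": ["no script-src and no default-src: scripts are unrestricted"],
        }
    lowered = [s.lower() for s in sources]
    findings: List[str] = []
    nonce_or_hash = any(s.startswith(NONCE_OR_HASH_PREFIXES) for s in lowered)
    unsafe_inline = "'unsafe-inline'" in lowered
    strict_dynamic = "'strict-dynamic'" in lowered
    scheme_wide = sorted(s for s in lowered if s in SCHEME_WIDE_SOURCES)

    inline_blocked = nonce_or_hash or not unsafe_inline
    if nonce_or_hash:
        style = "nonce-or-hash"
        if unsafe_inline:
            findings.append("'unsafe-inline' is ignored once a nonce or hash is present "
                            "(kept only for old browsers)")
    else:
        style = "allowlist"
        if unsafe_inline:
            findings.append("'unsafe-inline' without a nonce or hash: any injected inline "
                            "<script> executes")
        else:
            findings.append("allowlist-based: every script served by an allowlisted host is "
                            "trusted, so a JSONP endpoint or script gadget there bypasses "
                            "the policy")

    broad_hosts_count = strict_dynamic is False and bool(scheme_wide)
    if strict_dynamic:
        findings.append("'strict-dynamic': host and scheme sources are ignored; trust "
                        "propagates from nonced or hashed scripts")
    elif scheme_wide:
        findings.append(f"scheme-wide source(s) {scheme_wide}: a script from any origin "
                        "matching that scheme may load")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval': eval()/new Function() on attacker-controlled "
                        "strings is allowed")

    return {
        "restricts_scripts": inline_blocked and not broad_hosts_count,
        "style": style,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, header in [("weak", WEAK_POLICY), ("strict", STRICT_POLICY),
                         ("no-script", NO_SCRIPT_POLICY)]:
        print(name, assess_script_protection(header))
```

The verdict deliberately treats 'unsafe-inline' as harmless when a nonce or hash is present, because that is how CSP Level 2 and later browsers behave; a crawler that only greps for the keyword would misclassify the strict policy above as weak. Conversely, an allowlist policy without 'unsafe-inline' passes the mechanical check but is still only as strong as the least trustworthy script on its allowlisted hosts, which is the reason the study favors nonce-based policies.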
Rights
Copyright of the original work is retained by the author.