Evaluating website security: a study on content security policy implementation
dc.contributor.author | Fernandes de Oliveira, Isabella
dc.contributor.author | Ren, Mengxia
dc.date | 2024-04
dc.date.accessioned | 2024-05-08T22:04:36Z
dc.date.available | 2024-05-08T22:04:36Z
dc.description.abstract | Content Security Policies (CSPs) are vital defenses against cross-site scripting (XSS) and unauthorized web resource manipulation. This study investigates CSP implementation across the top 100 websites listed in TRANCO, focusing on resilience to external manipulation. Our analysis reveals that over 50% of domains lack adequate protection against XSS attacks, despite CSP implementation. Vulnerabilities include the misuse of 'unsafe-inline' directives and reliance on white-listing-based policies over nonce-based alternatives. These findings highlight the need for a comprehensive CSP approach, prioritizing script and web control. Strategies to enhance website security, such as stricter CSP configurations, are discussed, emphasizing nonce-based strategies and comprehensive directive coverage.
dc.format.medium | posters
dc.identifier.uri | https://hdl.handle.net/11124/179051
dc.identifier.uri | https://doi.org/10.25676/11124/179051
dc.language | English
dc.language.iso | eng
dc.publisher | Colorado School of Mines. Arthur Lakes Library
dc.relation.ispartof | 2024 Spring Undergraduate Research Symposium
dc.rights | Copyright of the original work is retained by the author.
dc.title | Evaluating website security: a study on content security policy implementation
dc.type | Text
dc.type | StillImage
dspace.entity.type | Publication |
Files
Original bundle
- Name: Fernandes_D_Isabella_UGRS2024.pdf
- Size: 408.22 KB
- Format: Adobe Portable Document Format