Safe script templating to provide reliable protection against attacks

Author: Martin Johns

Abstract: Methods, systems, and computer-readable storage media for inhibiting cross-site scripting (XSS) attacks, where actions include receiving a document that provides content security policy (CSP) website an extension to the CSP, CSP specifying allowed script checksums, each checksum being associated with is be executed, requiring comparison of checksums before respective scripts can templates value list, calculating expected template provide comparing determining at least one matches checksum, in response, executing corresponds checksum.
