Content Security Policy Mitigates XSS, Breaks Websites
Source: ThreatPost - Posted by Alex   
Content Security Policy (CSP) is an effective, browser-based deterrent against cross-site scripting attacks. Despite this, the vast majority of websites do not deploy the standard, and the majority of those that do deploy it improperly. The goal of CSP is to mitigate content injection attacks against web applications directly within the browser. The server sends the policy to the client in a security header, and the client must then enforce it. The policy allows developers or administrators to define the origins from which different classes of content can be included in a document.
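
The mechanism described above, as an added example that is not part of the original article: a simplified evaluator that parses a policy header and decides whether a resource of a given content class may load from a given origin. The policy string, host names and function names are constructed for illustration, and the matching is deliberately reduced (no ports, paths, nonces or hashes).

```javascript
// Added example: simplified CSP origin check, not the full W3C matching algorithm.
// Assumptions: ports, paths, nonces, hashes and 'unsafe-*' keywords are not handled.

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored: the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Does one source expression cover the URL? pageOrigin resolves 'self'.
function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return url.origin === pageOrigin;
  if (s === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s; // scheme source, e.g. https:
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // 'none', other keywords and unsupported forms match nothing
  const [, scheme, wildcard, host] = m;
  // Simplification: a host source without a scheme is treated as scheme-agnostic.
  if (scheme && url.protocol !== scheme + ':') return false;
  // "*.example" covers subdomains only, never the bare domain.
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// Decide whether a resource of the given class (a fetch directive such as
// 'script-src' or 'img-src') may load; unlisted classes fall back to default-src.
function isAllowed(header, directive, resourceUrl, pageOrigin) {
  const policy = parseCsp(header);
  const sources = policy[directive] ?? policy['default-src'];
  if (sources === undefined) return true; // nothing in the policy restricts this class
  const url = new URL(resourceUrl);
  const origin = new URL(pageOrigin).origin;
  return sources.some((src) => sourceMatches(src, url, origin));
}

// Constructed policy and page origin for the demonstration.
const POLICY =
  "default-src 'self'; script-src 'self' https://cdn.example; img-src https:; object-src 'none'";
const PAGE = 'https://app.example';
console.log(isAllowed(POLICY, 'script-src', 'https://cdn.example/lib.js', PAGE));
console.log(isAllowed(POLICY, 'script-src', 'https://other.example/x.js', PAGE));
console.log(isAllowed(POLICY, 'object-src', 'https://app.example/p.swf', PAGE));
```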

Read this full article at ThreatPost
