FlexCSP - Putting Content Security Policy to work for Practical Web Applications
Research Project, 2016

Cross-site scripting (XSS) vulnerabilities are among the most prevailing problems on the web. Among the practically deployed countermeasures is the "last line of defense" Content Security Policy (CSP) to mitigate the effects of XSS attacks by browser-enforced restrictions on cross-domain communications. Although pioneered in deployment by major players such as Google, Facebook, and Tweeter, the adoption of CSP has been frustratingly slow, with several roadblocks related to CSP's rigidness. To fulfill the promise of CSP, we propose FlexCSP, an approach to make CSP more flexible and thus more practical for deployment in practical web applications. We will achieve this by exploring the trade-off between performance and security, investigating possibilities of fine-grained CSP, and CSP for sandboxing.

Participants

Andrei Sabelfeld (contact)

Chalmers, Computer Science and Engineering (Chalmers), Information Security

Other projects Research

Funding

Google Ireland Ltd

Project ID: 2016_771
Funding Chalmers participation during 2016

More projects

Related Areas of Advance and Infrastructure

Information and Communication Technology

Areas of Advance

Other projects

More information

Latest update

5/25/2021

Feedback and support

If you have questions, need help, find a bug or just want to give us feedback you may use this form, or contact us per e-mail research.lib@chalmers.se.

About

Research.chalmers.se contains research information from Chalmers University of Technology, Sweden. It includes information on projects, publications, research funders and collaborations.

More about coverage period and what is publicly available

Privacy and cookies

Accessibility

Citation Style Language
citeproc-js (Frank Bennett)

Links

Chalmers Library
Chalmers Research
Chalmers Student Theses

Chalmers University of Technology

SE-412 96 GOTHENBURG, SWEDEN
PHONE: +46 (0)31-772 10 00
WWW.CHALMERS.SE