Go Back   DaemonForums > DaemonForums.org > News

News News regarding BSD and related.

Thread Tools Display Modes
  #1   (View Single Post)  
Old 5th April 2011
J65nko J65nko is offline
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 3,506
Default CSP: Thwarting cross-site scripting and click-jacking attacks

From http://www.h-online.com/security/fea...s-1216438.html

Content Security Policies are designed to prevent cross-site scripting and other attack types. Firefox 4 is the first browser to support this new concept.

Cross-site scripting (XSS) has become the plague of the internet, and even the banks haven't managed fully to tackle this problem on their web sites. However, XSS attacks on browsers could soon be a thing of the past, at least for Firefox users: the Mozilla Foundation's latest version 4 of Firefox supports the concept of Content Security Policy (CSP). This allows web administrators to tell browsers which domains to accept as trusted sources of JavaScript code by sending the special X-Content-Security-Policy HTTP header.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
CouchDB update fixes cross-site scripting vulnerabilities J65nko News 0 1st February 2011 06:49 PM
Microsoft warns of cross-site scripting in Windows J65nko News 1 31st January 2011 04:35 PM
Help with Home connection site to site vpn setup badguy OpenBSD Security 3 25th October 2010 05:15 PM
carefull confirm on using linux_base-fc8 Click to flag this post cuongvt FreeBSD General 2 8th May 2009 01:57 AM
Bare Minimum Site-to-Site VPN on OpenBSD ai-danno Guides 0 20th May 2008 12:45 AM

All times are GMT. The time now is 08:46 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick