We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
CSP adoption: current status and future prospects.
- Authors
Ying, Ming; Li, Shu Qin
- Abstract
Content security policy (CSP) is a security mechanism that can be used to mitigate cross-site scripting (also known as XSS) and other related attacks. Although CSP is a promising mechanism to prevent XSS attack, it is not widely used. In this paper, we built a Java-based web crawler to examine the current state of hypertext transfer protocol security headers and the adoption rate of CSP. The results show that usage for hypertext transfer protocol security headers is increasing. As for CSP, seven websites use CSP among the top 100 popular sites (8%) both in January and June 2015; 716 (0.066%) and 1241 (0.133%) websites enable CSP in January and June 2015, respectively (73% increase). A detailed analysis of the CSP settings that websites used is also performed. This analysis shows that many websites with CSP do not have the correct policies to prevent XSS. Finally, challenges for adopting CSP and methods to increase the adoption rate are discussed. Copyright © 2016 John Wiley & Sons, Ltd.
- Subjects
CONTENT filters (Computer science); WEBSITE security; COMPUTER network protocols; WEB-based user interfaces; HTTP (Computer network protocol)
- Publication
Security & Communication Networks, 2016, Vol 9, Issue 17, p4557
- ISSN
1939-0114
- Publication type
Article
- DOI
10.1002/sec.1649