A content security policy (CSP) can help Web application developers and server administrators better control website content and avoid vulnerabilities to cross-site scripting (XSS). In experiments with a prototype website, the authors' CSP implementation successfully mitigated all XSS attack types in four popular browsers. An XSS attack involves injecting malicious script into a trusted website that executes on a visitor's browser without the visitor's knowledge and thereby enables the attacker to access sensitive user data, such as session tokens and cookies stored on the browser [1]. With this data, attackers can execute several malicious acts, including identity theft, keylogging, phishing, user impersonation, and webcam activation.
Content Security Policy, Cross Site Scripting, Web Applications, Input Sanitizers, Mitigating, Vulnerabilities.
IRE Journals:
R. Jyothi, Y. Bhavani, Sk. Mabibi, S. Priyanka, B. Sai Jyothi
"Mitigating Cross Site Scripting Attacks With A Content Security Policy" Iconic Research And Engineering Journals, Volume 1, Issue 10, 2018, Page 19-24
IEEE:
R. Jyothi, Y. Bhavani, Sk. Mabibi, S. Priyanka, B. Sai Jyothi
"Mitigating Cross Site Scripting Attacks With A Content Security Policy" Iconic Research And Engineering Journals, 1(10)