
CSP Is Dead, Long Live CSP! On the Insecurity of Whitelists and the Future of Content Security Policy, by Google Research



Geez, from studying 100 billion pages from 1 billion domain names:

14 out of the 15 domains most commonly whitelisted for loading scripts contain unsafe endpoints; as a consequence, 75.81% of distinct policies use script whitelists that allow attackers to bypass CSP. In total, we find that 94.68% of policies that attempt to limit script execution are ineffective, and that 99.34% of hosts with CSP use policies that offer no benefit against XSS.

This is why I always bring my unhackable writing stone with me to save sensitive data.


That looks like fun but on the other hand it seems kinda heavy to carry around. 

It's actually a solution to both security and obesity.

Multitasking! :)
