AutoCSP: Automatically Retrofitting CSP to Web Applications

Authors: Mattia Fazzini, Prateek Saxena, Alessandro Orso
Published in: 2015 IEEE/ACM 37th IEEE International Conference on Software Engineering

Web applications often handle sensitive user data, which makes them attractive targets for attacks such as cross-site scripting (XSS). Content security policy (CSP) is a content-restriction mechanism, now supported by all major browsers, that offers thorough protection against XSS. Unfortunately, simply enabling CSP for a web application would affect the application's behavior and likely disrupt its functionality. To address this issue, we propose AutoCSP, an automated technique for…

This paper has 17 citations.

