Topic: Content Security Policy for Fx get accustomed to it now.... (Read 1676 times)
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Content Security Policy for Fx get accustomed to it now....
« on: February 02, 2009, 05:46:29 PM »
Hi malware fighters,
The last 3 years have seen a dramatic increase in both awareness and exploitation of Web Application Vulnerabilities. 2008 has seen dozens of high-profile attacks against websites using Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) for the purposes of information stealing, website defacement, malware planting, etc.
CSP is a new policy introduced inside the Fx and Flock browsers, to get accustomed to the idea and as a proof-of-concept...
To read more about this initiative:
http://people.mozilla.org/~bsterne/content-security-policy/index.html
To download and install into your browser:
http://people.mozilla.org/~bsterne/content-security-policy/content-security-policy.xpi
or rather and safely so:
https://addons.mozilla.org/nl/firefox/addon/7478
You can toggle the add-on off and on where it sits in the browser. Content Security Policy will be fully backward compatible and will not affect sites or browsers which don't support it. Non-supporting browsers will disregard the Content Security Policy header and will default to the standard Same-Origin policy for webpage content.
Another discussion on CSP here:
http://jeremiahgrossman.blogspot.com/2008/06/site-security-policy-open-for-comments.html
I have it now installed in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2a1pre) Gecko/20090202 Minefield/3.2a1pre ID:20090202033956 (enforced it with Nightly Tester Tools),
OK and keep NoScript installed, this is not a replacement for that Cop inside your Browser...
and here is another view and proposal for this problem:
http://www.cgisecurity.com/2007/11/browser-securit.html
polonus
« Last Edit: February 02, 2009, 11:25:02 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
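The fallback behaviour described in the post above, as an added example that is not part of the original post or the add-on's code: a simplified model of how a CSP-aware browser and a non-supporting browser treat the same response. It assumes today's standardized `Content-Security-Policy` header name and directive syntax (which the 2009 proof-of-concept predates), models only `'self'`, `'none'`, `*` and exact origins, and uses constructed hostnames.

```javascript
// Added example: simplified model, not the add-on's code.
// Assumes the standardized header name and directive syntax.

// Parse "name src src; name src" into Map(name -> [sources]); first duplicate wins.
function parsePolicy(header) {
  const policy = new Map();
  for (const part of header.split(";")) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !policy.has(key)) policy.set(key, sources);
  }
  return policy;
}

// Match one source expression. Only 'none', 'self', * and exact origins are modelled.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  if (source === "*") return true;
  try {
    return new URL(source).origin === url.origin;
  } catch {
    return false; // expression not covered by this model: treat as no match
  }
}

// Would this browser fetch and run the script referenced by the page?
function scriptLoadAllowed(headers, scriptUrl, pageUrl, browserSupportsCsp) {
  const header = headers["content-security-policy"];
  // A non-supporting browser ignores the header: script includes from any
  // origin keep working, exactly as before the site deployed a policy.
  if (!browserSupportsCsp || !header) return true;
  const policy = parsePolicy(header);
  const sources = policy.get("script-src") ?? policy.get("default-src");
  if (sources === undefined) return true; // no directive governs scripts
  const url = new URL(scriptUrl, pageUrl);
  return sources.some((s) => sourceMatches(s, url, new URL(pageUrl).origin));
}

// Constructed sample response headers and page URL.
const PAGE = "https://site.example/index.html";
const HEADERS = {
  "content-security-policy": "default-src 'self'; script-src 'self' https://cdn.example",
};
```

The same injected third-party script reference is refused by the supporting browser and still loaded by the non-supporting one, which is why the policy is an extra layer on top of output encoding and input validation, not a substitute for them.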