Failing Content Security Policy? Learning from its past to improve its future

March 23 (2022) @ 3:00 pm - 4:00 pm

Content Security Policy has been around for 10 years, and still only a fraction of sites on the Web leverage its full potential to mitigate XSS and other flaws. In this talk, we will analyze the evolution of CSP over time and how sites could leverage it to secure against three attack classes. This is based on our NDSS 2020 paper (https://swag.cispa.saarland/papers/roth2020csp.pdf), which sheds light on the usage of CSP on 10,000 sites over a period of six years. Furthermore, we discuss insights on technical roadblocks of CSP (NDSS 2021, https://swag.cispa.saarland/papers/steffens2021blockparty.pdf), which shows that CSP's success is in large part blocked by third parties. Finally, we will discuss our most recent work on (un)usability aspects and fundamental roadblocks for developers (CCS 2021, https://swag.cispa.saarland/papers/roth2021usable.pdf).

Zoom meeting link: https://newcastleuniversity.zoom.us/j/88067048654?pwd=aHJWdjFTOUVtcjlESXd6QlROSnFnUT09
Meeting ID: 880 6704 8654
Passcode: 011646

Youtube live streaming: https://youtu.be/IKcm0lUv_Zs

Ben Stock (CISPA)

Ben Stock is a tenured faculty member at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Ben leads the Secure Web Application Group at CISPA, and his research focuses on various aspects of Web security, with a recent focus on client-side security mechanisms, in particular CSP and its connections to aspects of usability. His group regularly publishes at major security conferences such as USENIX Security, CCS, and NDSS, and Ben also serves on the PC and as track chair of these venues.

