Smart Content Security Policy for Mozilla Firefox
Abstract
Use of the Internet is very common these days, and it hosts a large number of websites carrying many kinds of content. An average person visits at least 8-10 web pages per day. A web page sometimes contains malicious content or inline scripts that the user is not aware of. These scripts try to force content onto the user's screen or to steal information from the user without the user's awareness, which leaves the user vulnerable. Content Security Policy (CSP) is a way to defeat these types of attacks. If CSP is enforced in the web browser, content is displayed from trusted sources only and all other content is blocked. UserCSP was implemented for this purpose: it lets users specify the policies they want to enforce. Its drawback is that an average user is not familiar with the concept of CSP. We are therefore building SmartCSP, an add-on for Mozilla Firefox, which helps users who are not aware of CSP by inferring the policies from the structure of the HTML pages loaded.
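To make "inferring the policies based on the structure of HTML pages" concrete, the following added example (not SmartCSP's own code or algorithm) walks a page's markup, collects the origin of each external resource per CSP directive, and counts the inline scripts that the resulting policy would block. The names `PolicyInferrer` and `infer_policy`, the tag-to-directive table, and the `.example` hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Hypothetical mapping: tag -> (URL attribute, CSP directive that governs it)
RESOURCE_TAGS = {"script": ("src", "script-src"), "img": ("src", "img-src"),
                 "iframe": ("src", "frame-src"), "video": ("src", "media-src")}

def origin(url):
    # scheme://host[:port]; None for data:, javascript: and other non-http(s) URLs
    parts = urlsplit(url)
    ok = parts.scheme in ("http", "https") and parts.netloc
    return f"{parts.scheme}://{parts.netloc}" if ok else None

class PolicyInferrer(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.page_origin = page_url, origin(page_url)
        self.sources = {}        # directive -> set of source expressions
        self.inline_scripts = 0  # <script> bodies and on* handlers CSP would block

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            self._add("style-src", attrs.get("href"))
        elif tag in RESOURCE_TAGS:
            attr, directive = RESOURCE_TAGS[tag]
            if tag == "script" and not attrs.get(attr):
                self.inline_scripts += 1
            self._add(directive, attrs.get(attr))
        self.inline_scripts += sum(1 for name in attrs if name.startswith("on"))

    def _add(self, directive, url):
        src = origin(urljoin(self.page_url, url)) if url else None
        if src:  # non-http(s) sources are never allowlisted
            self.sources.setdefault(directive, set()).add(
                "'self'" if src == self.page_origin else src)

def infer_policy(page_url, html):
    # Returns (policy string, number of inline scripts the policy would block).
    parser = PolicyInferrer(page_url)
    parser.feed(html)
    parts = [f"{d} {' '.join(sorted(s))}" for d, s in sorted(parser.sources.items())]
    return "; ".join(["default-src 'none'"] + parts), parser.inline_scripts

# Constructed sample page (not from the paper).
SAMPLE_URL = "https://shop.example/cart"
SAMPLE_HTML = """<html><head><link rel="stylesheet" href="/css/site.css">
<script src="https://cdn.example/lib.js"></script><script>trackUser()</script>
</head><body onload="init()"><img src="logo.png">
<img src="https://img.example/banner.png">
<iframe src="https://pay.example/widget"></iframe></body></html>"""
```

The inline script count is reported rather than folded into the policy as `'unsafe-inline'`, since allowing inline scripts would reopen the injection path the policy is meant to close.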
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
IJCERT Policy:
The published work presented in this paper is licensed under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. This means that the content of this paper can be shared, copied, and redistributed in any medium or format, as long as the original author is properly attributed. Additionally, any derivative works based on this paper must also be licensed under the same terms. This licensing agreement allows for broad dissemination and use of the work while maintaining the author's rights and recognition.
By submitting this paper to IJCERT, the author(s) agree to these licensing terms and confirm that the work is original and does not infringe on any third-party copyright or intellectual property rights.