Title details
Roth, Sebastian ; Gröber, Lea ; Backes, Michael ; Krombholz, Katharina ; Stock, Ben:
12 Angry Developers : A Qualitative Study on Developers' Struggles with CSP.
2021
Event: ACM SIGSAC Conference on Computer and Communications Security (CCS '21), 15-19 Nov 2021.
(Event contribution: Congress/Conference/Symposium/Meeting, Paper)
DOI: https://doi.org/10.1145/3460120.3484780
Abstract
The Web has improved our ways of communicating, collaborating, teaching, and entertaining us and our fellow human beings. However, this cornerstone of our modern society is also one of the main targets of attacks, most prominently Cross-Site Scripting (XSS). A correctly crafted Content Security Policy (CSP) is capable of effectively mitigating the effect of those Cross-Site Scripting attacks. However, research has shown that the vast majority of all policies in the wild are trivially bypassable.
To uncover the root causes behind the omnipresent misconfiguration of CSP, we conducted a qualitative study involving 12 real-world Web developers. By combining a semi-structured interview, a drawing task, and a programming task, we were able to identify the participants' misconceptions regarding the attacker model covered by CSP as well as roadblocks for secure deployment or strategies used to create a CSP.
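The abstract says most deployed policies are trivially bypassable without saying what that looks like in a header. The following is an added example, not code from the paper or its authors: it parses a Content-Security-Policy header, flags the script-src constructs that are widely known to defeat CSP as an XSS mitigation ('unsafe-inline' without a nonce or hash, 'unsafe-eval', wildcard and scheme sources, and a bare host allow-list), and builds the nonce-based strict policy that passes the same check. The header strings, host names and the fixed nonce are constructed for illustration; in production the nonce must be a fresh, unguessable value (for example 128 bits from a CSPRNG) generated per response.

```javascript
// Added example (not from the paper): audit a CSP header for the script-src
// mistakes that make it trivially bypassable, then build a strict policy.

// Parse "directive value value; directive value" into a Map. The CSP spec
// ignores a repeated directive name, so the first occurrence wins.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Sources that govern script execution: script-src, else default-src.
function scriptSources(directives) {
  return directives.get('script-src') || directives.get('default-src') || null;
}

// Return a list of human-readable findings; an empty list means the
// script-src part of the policy has none of the known trivial bypasses.
function auditScriptSrc(header) {
  const sources = scriptSources(parseCsp(header));
  if (sources === null) {
    return ['no script-src or default-src: script loading is unrestricted'];
  }
  const src = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
  const strictDynamic = src.includes("'strict-dynamic'");
  const findings = [];

  // CSP2+ browsers ignore 'unsafe-inline' once a nonce or hash is present,
  // so it only weakens the policy when neither is there.
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("'unsafe-inline' without a nonce or hash: injected inline scripts execute");
  }
  if (src.includes("'unsafe-eval'")) {
    findings.push("'unsafe-eval': eval()/Function() on attacker-controlled strings is allowed");
  }
  // With 'strict-dynamic' (CSP3) host and scheme sources are ignored, so
  // they only matter when it is absent.
  if (!strictDynamic) {
    for (const s of src) {
      if (s === '*' || s === 'https:' || s === 'http:') {
        findings.push(`${s}: scripts may be loaded from any origin`);
      } else if (s === 'data:') {
        findings.push('data: scheme: <script src="data:..."> carries attacker code');
      }
    }
    const hosts = src.filter((s) => !s.startsWith("'") && s !== '*' && !/^[a-z]+:$/.test(s));
    if (hosts.length > 0 && !hasNonceOrHash) {
      findings.push(`host allow-list (${hosts.join(', ')}) without nonce/hash: ` +
        'bypassable if any listed origin serves JSONP or a script gadget');
    }
  }
  return findings;
}

// Strict policy: nonce plus 'strict-dynamic'; the trailing https: and
// 'unsafe-inline' are fallbacks that CSP3 browsers ignore. The caller
// supplies a per-response nonce (assumed generated from a CSPRNG).
function strictPolicy(nonce) {
  return `script-src 'nonce-${nonce}' 'strict-dynamic' https: 'unsafe-inline'; ` +
    "object-src 'none'; base-uri 'none'";
}

// Constructed headers for a stand-alone run.
const weakHeader = "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.example.com";
console.log('weak   :', auditScriptSrc(weakHeader));
console.log('strict :', auditScriptSrc(strictPolicy('d2VhayBub25jZQ==')));
```

A policy that passes this audit is not automatically correct (the nonce must not be predictable or reflected into the page, and base-uri and object-src still need to be locked down), but a policy that fails it offers no real XSS protection regardless of how long its allow-list is.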
Further details
Publication form: | Event contribution (Paper) |
---|---|
Peer-reviewed contribution: | Yes |
University institutions: | Faculties > Faculty of Mathematics, Physics and Computer Science; Faculties > Faculty of Mathematics, Physics and Computer Science > Institute of Computer Science |
Title produced at UBT: | No |
DDC subject areas: | 000 Computer science, information science, general works; 000 Computer science, information science, general works > 004 Computer science |
Deposited on: | 20 Jan 2025 10:50 |
Last modified: | 20 Jan 2025 10:50 |
URI: | https://eref.uni-bayreuth.de/id/eprint/91465 |