
12 Angry Developers : A Qualitative Study on Developers' Struggles with CSP

Title data

Roth, Sebastian ; Gröber, Lea ; Backes, Michael ; Krombholz, Katharina ; Stock, Ben:
12 Angry Developers : A Qualitative Study on Developers' Struggles with CSP.
2021
Event: ACM SIGSAC Conference on Computer and Communications Security (CCS '21), 15.-19.11.2021.
(Conference item: Conference, Paper)
DOI: https://doi.org/10.1145/3460120.3484780

Abstract in another language

The Web has improved our ways of communicating, collaborating, teaching, and entertaining us and our fellow human beings. However, this cornerstone of our modern society is also one of the main targets of attacks, most prominently Cross-Site Scripting (XSS). A correctly crafted Content Security Policy (CSP) is capable of effectively mitigating the effect of those Cross-Site Scripting attacks. However, research has shown that the vast majority of all policies in the wild are trivially bypassable.
To uncover the root causes behind the omnipresent misconfiguration of CSP, we conducted a qualitative study involving 12 real-world Web developers. By combining a semi-structured interview, a drawing task, and a programming task, we were able to identify the participant’s misconceptions regarding the attacker model covered by CSP as well as roadblocks for secure deployment or strategies used to create a CSP.

Further data

Item Type: Conference item (Paper)
Refereed: Yes
Institutions of the University: Faculties > Faculty of Mathematics, Physics and Computer Science
Faculties > Faculty of Mathematics, Physics and Computer Science > Department of Computer Science
Result of work at the UBT: No
DDC Subjects: 000 Computer Science, information, general works
000 Computer Science, information, general works > 004 Computer science
Date Deposited: 20 Jan 2025 10:50
Last Modified: 20 Jan 2025 10:50
URI: https://eref.uni-bayreuth.de/id/eprint/91465