at Google ScholarTitle data
Roth, Sebastian ; Gröber, Lea ; Backes, Michael ; Krombholz, Katharina ; Stock, Ben:
12 Angry Developers : A Qualitative Study on Developers' Struggles with CSP.
2021
Event: ACM SIGSAC Conference on Computer and Communications Security (CCS '21)
, 15.-19.11.2021
.
(Conference item: Conference
,
Paper
)
DOI: https://doi.org/10.1145/3460120.3484780
Abstract in another language
The Web has improved our ways of communicating, collaborating, teaching, and entertaining us and our fellow human beings. How- ever, this cornerstone of our modern society is also one of the main targets of attacks, most prominently Cross-Site Scripting (XSS). A correctly crafted Content Security Policy (CSP) is capable of effec- tively mitigating the effect of those Cross-Site Scripting attacks. However, research has shown that the vast majority of all policies in the wild are trivially bypassable.
To uncover the root causes behind the omnipresent miscon- figuration of CSP, we conducted a qualitative study involving 12 real-world Web developers. By combining a semi-structured inter- view, a drawing task, and a programming task, we were able to identify the participant’s misconceptions regarding the attacker model covered by CSP as well as roadblocks for secure deployment or strategies used to create a CSP.
Further data
| Item Type: | Conference item (Paper) |
|---|---|
| Refereed: | Yes |
| Institutions of the University: | Faculties > Faculty of Mathematics, Physics und Computer Science Faculties > Faculty of Mathematics, Physics und Computer Science > Department of Computer Science |
| Result of work at the UBT: | No |
| DDC Subjects: | 000 Computer Science, information, general works 000 Computer Science, information, general works > 004 Computer science |
| Date Deposited: | 20 Jan 2025 10:50 |
| Last Modified: | 20 Jan 2025 10:50 |
| URI: | https://eref.uni-bayreuth.de/id/eprint/91465 |