Mozilla tackles XSS vulnerabilities with new technology
Posted by Ryan Naraine June 22nd, 2009 @ 1:39 pm
Mozilla’s security engineers are working on new technology that promises to mitigate a large class of Web application vulnerabilities, especially the cross-site scripting (XSS) plague against modern Web browsers.
The project, called Content Security Policy, is designed to shut down XSS attacks by providing a mechanism for sites to explicitly tell the browser which content is legitimate. It can also help mitigate clickjacking and packet sniffing attacks.
No comments:
Post a Comment