csp

Thu
02
Jul
Dennis Faas's picture

New Tech to Quash Drive by Downloads, XSS Attacks

Makers of the popular Firefox web browser, Mozilla, are working on new technology that it hopes will remove the threat of Cross-Site Scripting (XSS) attacks that have compromised legitimate websites for years by injecting pages with malicious code. ... XSS vulnerabilities allow hackers to unsuspectingly inject malicious code into pages that persuade users to click on links launching drive-by downloads . Content Security Policy (CSP) to Stop XSS Attacks Drive-by downloads are made possible because content received from a web server's response is treated the same, regardless of whether it's ... (view more)

Subscribe to RSS - csp