Hi all,

Someone from Mozilla is talking about their proposed new security spec, CSP, today at Stanford.
I'm planning to go; was anyone else from MTV aware of this and hoping to go? I can send out a summary of the talk afterwards if there's interest.

https://wiki.mozilla.org/Security/CSP/Spec

I have not heard of any discussion of this spec or if we plan to implement it. Anyone have any thoughts?

-- Dirk

> Title: Shutting Down XSS with Content Security Policy
>
> Speaker: Sid Stamm, Mozilla
>
> Abstract:
>
> The last 3 years have seen a dramatic increase in both awareness and
> exploitation of Web Application Vulnerabilities. 2008 saw dozens of
> high-profile attacks against websites using Cross Site Scripting (XSS)
> and Cross Site Request Forgery (CSRF) for the purposes of information
> stealing, website defacement, malware planting, etc. While an ideal
> solution may be to develop web applications free from any exploitable
> vulnerabilities, real world security is usually provided in layers.
> We present Content Security Policy (CSP), which intends to be one
> such layer. CSP is a content restrictions policy language and
> enforcement system that allows site designers or server administrators
> to specify how content interacts on their web sites. We also discuss the
> long road traveled to a useful policy definition and lessons learned
> along the way to an implementation in Firefox.
>
> 13 Oct (Tuesday) at 1630 hrs
> Gates 4B (opposite 490)