Tuesday, October 6, 2009

Test Versions of Mozilla's Content Security Policy Out

Mozilla reports on its blog that it has completed the first test versions of its new Content Security Policy (CSP) technology and that it will be included in upcoming Firefox versions. The main goal of CSP is to prevent XSS (cross-site scripting) attacks, which have become an important tool for data criminals. In an XSS attack, criminals inject malicious code into a website. The code redirects the browser to download content directly from the criminals' servers while the user sees the site.

The idea of CSP is that website administrators specify which domains the browser should treat as valid sources of script. This prevents Firefox users from accessing malicious content even if criminals succeed in injecting XSS into the website. Clickjacking attacks can be prevented in the same way.
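The allow-list decision described above can be modelled in a few lines. This is an added example, not code from Mozilla or from the original post; it assumes the `script-src` / `default-src` directive syntax that was later standardized, which is not necessarily what the 2009 test builds accept, and the policy, hostnames and function names are constructed for illustration.

```javascript
// Simplified model of a script-src allow-list check: 'self', '*', scheme
// sources and host sources (wildcard, port). Nonces, hashes, paths not modelled.
function parsePolicy(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function hostMatches(pattern, host) {
  // "*.example.com" covers subdomains only, not example.com itself.
  if (pattern.startsWith('*.')) return host.endsWith(pattern.slice(1));
  return pattern === host;
}

function scriptAllowed(header, pageUrl, scriptUrl) {
  const policy = parsePolicy(header);
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) return true; // no directive governs scripts
  const page = new URL(pageUrl);
  const script = new URL(scriptUrl, pageUrl); // resolves relative URLs
  const scriptPort = script.port || (script.protocol === 'https:' ? '443' : '80');
  const schemeOk = (want) =>
    script.protocol === want || (want === 'http:' && script.protocol === 'https:');
  return sources.some((src) => {
    const s = src.toLowerCase();
    if (s === "'self'") return script.origin === page.origin;
    if (s.startsWith("'")) return false; // 'none' and other keywords: no match
    if (s === '*') return /^https?:$/.test(script.protocol);
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return schemeOk(s); // e.g. "https:"
    const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/.exec(s);
    if (!m) return false;
    const [, scheme, host, port] = m;
    const portOk = port === undefined ? script.port === '' : port === '*' || port === scriptPort;
    return schemeOk(scheme ? scheme + ':' : page.protocol) &&
      hostMatches(host, script.hostname) && portOk;
  });
}

// Constructed sample policy and URLs (not taken from the original post).
const POLICY = "default-src 'none'; script-src 'self' https://*.cdn.example";
const PAGE = 'https://shop.example/cart';
console.log(scriptAllowed(POLICY, PAGE, 'https://a.cdn.example/lib.js'));  // listed CDN
console.log(scriptAllowed(POLICY, PAGE, 'https://attacker.example/x.js')); // injected tag
```

A script tag injected through XSS still appears in the page, but the browser refuses to fetch it because its host is not on the administrator's list.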

A detailed explanation of CSP and how it works can be viewed here.
