Securing Third-party Web Resources Using Subresource Integrity Automation
Abstract
also potentially attack all sites that fetch files from that CDN. Internet security and awareness of it are frequently discussed topics today. The diversity and capability of web browser applications have increased greatly in recent years. With this, the way the security of such web pages is presented to users has changed as well. To prevent cross-site scripting attacks, the resources we fetch from a CDN must be authenticated.
This work specifically addresses these cross-site scripting attacks and measures to avoid them. The Subresource Integrity (SRI) feature, published as a W3C Recommendation on the 23rd of June 2016, is still not implemented by a major portion of users. This work makes it easier for even a novice user to use the SRI mechanism to protect themselves from different kinds of security breaches.
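As an added illustration (not code from the paper or its tool), the core of an SRI automation step in Python: generating integrity metadata for a resource body and verifying a fetched body against an integrity attribute following the W3C SRI matching rules (unknown algorithms ignored, strongest listed algorithm decides). The sample script body is constructed.

```python
import base64
import hashlib
import re

# Constructed sample resource, standing in for a script fetched from a CDN.
SAMPLE_SCRIPT = b"console.log('hello from the CDN');\n"

# Digest algorithms the SRI spec permits, with a ranking from weakest to strongest.
_ALGOS = {"sha256": hashlib.sha256, "sha384": hashlib.sha384, "sha512": hashlib.sha512}
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(body: bytes, algo: str = "sha384") -> str:
    """Return integrity metadata ('sha384-<base64 digest>') for a resource body."""
    if algo not in _ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = _ALGOS[algo](body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, body: bytes, algo: str = "sha384") -> str:
    """Build the <script> tag an SRI automation tool would emit for this body."""
    return (f'<script src="{src}" integrity="{sri_digest(body, algo)}" '
            'crossorigin="anonymous"></script>')


def verify_integrity(body: bytes, integrity: str) -> bool:
    """Check a fetched body against an integrity attribute the way a browser does:
    parse the space-separated tokens, skip tokens with unknown algorithms or bad
    syntax, keep only the strongest algorithm present, and accept the body if any
    digest for that algorithm matches."""
    parsed = []
    for token in integrity.split():
        # A token is "<algo>-<base64>" optionally followed by "?options".
        m = re.match(r"^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)", token)
        if m:
            parsed.append((m.group(1), m.group(2)))
    if not parsed:
        return True  # no usable metadata: the spec lets the resource load unchecked
    strongest = max(_STRENGTH[algo] for algo, _ in parsed)
    for algo, expected in parsed:
        if _STRENGTH[algo] == strongest and sri_digest(body, algo) == f"{algo}-{expected}":
            return True
    return False


if __name__ == "__main__":
    print(script_tag("https://cdn.example.invalid/app.js", SAMPLE_SCRIPT))
```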
Copyright © IJETT, International Journal on Emerging Trends in Technology