This course explores the insecurity of whitelists and the future of Content Security Policy (CSP). By the end of the course, learners will understand the limitations of whitelists, the potential vulnerabilities they introduce, and the implications for CSP. The course covers topics such as postprocessing, normalization, CSP use cases, policies, the state of CSP, bypass probability, whitelisted domains, and tool support. The teaching method involves a presentation delivered at a conference, making it suitable for individuals interested in web security, CSP, and whitelisting techniques.
CSP is Dead, Long Live CSP! - On the Insecurity of Whitelists and the Future of the Content Security Policy
Association for Computing Machinery (ACM) via YouTube
Overview
Syllabus
Introduction
Who are we
What are we doing
Research questions
Postprocessing
Why
Normalization
CSP Use Cases
CSP Policies
Summary
State of CSP
Bypass Probability
Whitelisted Domains
Tool Support
Taught by
ACM CCS
