[webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies from Hill, Brad on 2013-03-11 (public-webappsec@w3.org from March 2013)

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 11 Mar 2013 03:47:49 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27959123@DEN-EXDDA-S12.corp.ebay.com>

Jeff Hodges pointed me at Joel Weinberger's thesis:

http://www.joelweinberger.us/papers/2012/weinberger-thesis.pdf

The whole thing is of interest to this group, but especially the sections on CSP, and on his analysis of the (weaknesses / mismatch with common development practices of) the script hashing system in BEEP. (http://www2007.org/papers/paper595.pdf)  That ought to inform our work going forward with CSP 1.1 and script-hash in particular.

-Brad Hill

Received on Monday, 11 March 2013 03:48:18 UTC