
[webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies

From: Hill, Brad <bhill@paypal-inc.com>
Date: Mon, 11 Mar 2013 03:47:49 +0000
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
Message-ID: <370C9BEB4DD6154FA963E2F79ADC6F2E27959123@DEN-EXDDA-S12.corp.ebay.com>

Jeff Hodges pointed me at Joel Weinberger's thesis:

http://www.joelweinberger.us/papers/2012/weinberger-thesis.pdf

The whole thing is of interest to this group, but especially the sections on CSP, and on his analysis of the (weaknesses / mismatch with common development practices of) the script hashing system in BEEP. (http://www2007.org/papers/paper595.pdf)  That ought to inform our work going forward with CSP 1.1 and script-hash in particular.

-Brad Hill
Received on Monday, 11 March 2013 03:48:18 UTC
