[webappsec] Joel Weinberger's thesis on Analysis and Enforcement of Web Application Security Policies

Jeff Hodges pointed me at Joel Weinberger's thesis:


The whole thing is of interest to this group, but especially the sections on CSP, and on his analysis of the (weaknesses / mismatch with common development practices of) the script hashing system in BEEP. (http://www2007.org/papers/paper595.pdf)  That ought to inform our work going forward with CSP 1.1 and script-hash in particular.

-Brad Hill

Received on Monday, 11 March 2013 03:48:18 UTC