UK-SPS Seminar: 23rd March - Title: Failing Content Security Policy?

The UK-SPS Seminar  this week will be as follows: 

Time: Wed, March 23, 15:00 – 16:00 (UK Time) 

Attendance via Zoom

Livestream via Youtube

Speaker: Ben Stock (CISPA)

Title: Failing Content Security Policy? Learning from its past to improve its future

Abstract: Content Security Policy has been around for 10 years and still only a fraction of sites on the Web leverage its full potential to mitigate XSS and other flaws. In this talk, we will analyze the evolution of CSP over time and how sites could leverage it to secure against three attack classes. This is based on our NDSS 2020 paper, which sheds light on the usage of CSP on 10,000 sites over a period of six years. Furthermore, we discuss insights on technical roadblocks of CSP (NDSS 2021), which shows that CSP’s success is in large part blocked by third parties. Finally, we will discuss our most recent work on (un)usability aspects and fundamental roadblocks for developers (CCS 2021).

Bio: Ben Stock is a tenured faculty at the CISPA Helmholtz Center for Information Security in Saarbrücken, Germany. Ben leads the Secure Web Application Group at CISPA, and his research focuses on various aspects of Web security, with a recent focus on client-side security mechanisms, in particular CSP and its connections to aspects of usability. His group regularly publishes at major security conferences such as USENIX Security, CSS, and NDSS, and Ben also serves on the PC and as track chair of the venues.

Please feel free to forward to others who might be interested. 

UK-SPS is an inter-university seminar series on cyber security and privacy. Seminar details are also advertised on our website, calendar and Twitter, and recordings will be available on our YouTube channel afterwards. 

Last modified: Mon, 21 Mar 2022 13:04:13 GMT