[Owasp-ireland] Content Security Policy

davidrook david.rook at realexpayments.com
Tue Jun 30 06:12:50 EDT 2009


I have been reading through the Content Security Policy today and it 
looks like it could be a useful defence for stopping XSS, writing secure 
code is obviously the first thing you should tackle but defence in depth 
is always good. In short, the CSP allows you to whitelist domains that 
the users browsers can use as valid sources for scripts, there is of 
course a little bit more to it than that but it does look useful.

You can find out more about the Content Security Policy here: 
http://people.mozilla.org/~bsterne/content-security-policy/index.html

Dave

-- 
David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments
Enabling thousands of businesses to sell online.

Visit our new website: www.onlinepayments.ie 

Follow us on Twitter! www.twitter.com/realexpayments

Castlecourt, Monkstown Farm, Monkstown, Co Dublin, Ireland
|t: +353 1 2808559 | f: +353 1 2808538  | www.realexpayments.com 

1 Lyric Square, London W6 0NB
t: +44 203 1785370 | f: +44 207 6917264  | www.realexpayments.co.uk 

27 avenue de l'Opéra, 75001 Paris. 
t: +33 (0)1 70 38 51 37  | f: +33 (0)1 70 38 51 51

Visit our other Realex Payments websites: 
www.airlinepayments.com 
www.sepa.ie 

Pay and Shop Limited, trading as Realex Payments has its registered office at Castlecourt, Monkstown Farm, Monkstown, Co. Dublin, Ireland and is registered in Ireland, company number 324929. 

This mail and any documents attached are classified as confidential and are intended for use by the addressee(s) only unless otherwise indicated. If you are not an intended recipient of this email, you must not use, disclose, copy, distribute or retain this message or any part of it. If you have received this email in error, please notify us immediately and delete all copies of this email from your computer system(s).




More information about the Owasp-ireland mailing list