세미나

[세미나] Content Security Policy - The Past, the Present, the Future? - Ben Stock (CISPA)
작성일2020-06-23

저희 정보보호대학원에서는 CISPA(독일 정보보안센터)에 계시는 Ben Stock 박사님을 모시고

"Content Security Policy - The Past, the Present, the Future?" 주제로 아래와 같이 세미나를 개최하고자 합니다.

코로나19 확산방지를 위하여 원격수업으로 진행할 예정이오니, 

아래 관련 링크주소로 접속하여 주시길 바랍니다. 

 

= 아 래 = 

o 일시

20.6.16(화) 16:00~

※ 시작시간 5분전에 준비하여 주세요.

- Zoom url: https://kaist.zoom.us/j/3674821514==============================                                                                                                                                                                              

Title: Content Security Policy - The Past, the Present, the Future?

 

Abstract:

Content Security Policy has been around for 10 years and still only a fraction of sites on the Web leverage its full potential to mitigate XSS and other flaws. In this talk, I will discuss the evolution of CSP over time and how sites *could* leverage it to secure against three attacks classes. This is based on our recent NDSS paper (https://swag.cispa.saarland/papers/roth2020csp.pdf), which sheds light on the usage of CSP on 10,000 sites over a period of six years. In addition, I will discuss how seemingly irrelevant choices when whitelisting sites can lead to catastrophic consequences for the security of CSP. Finally, I will discuss insights from our most recent study, which shows that CSP’s success is in large parts blocked by third parties, and cannot be blamed on developers. With this, I’ll give my personal outlook on where CSP can be going from here, and what needs to happen for it to succeed.

 

Bio:

Ben Stock is a Tenure-Track Faculty at the newly founded CISPA-Helmholtz Center for Information Security. In his PhD, Ben focussed on the detection and mitigation of Client-Side Cross-Site Scripting. During his PhD, he worked closely with SAP Research and interned with Microsoft Research. After his PhD, he joined CISPA as a postdoc, focussing on both Web Security as well as Usable Security research. He currently heads the Secure Web Applications Group at CISPA, is a regular speaker at academic and non-academic venues like CCS, USENIX Security, NDSS, Blackhat, and OWASP AppSec, and attempts to make the security reviewing community less toxic by serving on all major PCs at the same time.