content-security-policy
Safeguard articles tagged "content-security-policy" — guides, analysis, and best practices for software supply chain and application security.
4 articles
A practical guide to HTTP security headers: CSP, HSTS, and beyond
A misconfigured checkout page let attackers skim 380,000+ card payments from British Airways in 2018. Here's how CSP, HSTS, and frame-ancestors actually stop attacks like that.
Preventing XSS in Java Spring and JSP applications
OWASP folded XSS into A03:2021-Injection, present in ~3.37% of tested apps — raw JSP EL output and a missing CSP header are still the two most common causes.
What is Clickjacking
Clickjacking tricks users into clicking hidden UI via invisible iframes. Learn how it works, real incidents, key CVEs, and how to defend against it.
CSP Bypass Techniques and Prevention: Beyond the Basics
Content Security Policy is the strongest browser-side defense against XSS. But most CSP deployments are bypassable. Here is why, and how to fix it.