ha.ckers sla.cking
Q and A for any cross site scripting information. Feel free to ask away. 
Browser Security
Posted by: p0deje
Date: April 18, 2010 09:00AM

Since I didn't find any resource about all browser security opportunities, I want to collect all possible information within this thread.

The question is: how can a website developer mitigate webapp vulnerabilities using browsers' security models?

Here's what I've found.

-- XSS --
1. X-Content-Security-Policy HTTP header. Supported by Firefox 3.?
2. X-XSS-Protection HTTP header. Supported by IE8 and only for disabling

-- CSRF --
1. Origin HTTP header. Supported by Chrome and Firefox 3.?

-- Clickjacking --
1. X-Frame-Options HTTP header. Supported by IE8, Chrome, Firefox + NoScript, Safari

I'm not sure about versions of Firefox.
What else can be added there?


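One way a server could apply the headers listed in the post above (an added example, not part of the original thread). The function names, the `https://app.example` origin and the three return values are assumptions made for illustration; GET and HEAD are assumed to be side-effect free.

```javascript
// Added example: names, origins and return values are illustrative.
const STATE_CHANGING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Lower-case header names so lookups work whatever casing the caller passes.
function normalize(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = String(v);
  return out;
}

// CSRF check on the Origin request header.
// Returns "allow", "deny", or "fallback" (no Origin sent: the browser does not
// support it, so another CSRF defense such as a per-session token must decide).
function checkOrigin(method, headers, allowedOrigins) {
  if (!STATE_CHANGING.has(String(method).toUpperCase())) return "allow";
  const origin = normalize(headers)["origin"];
  if (origin === undefined || origin === "") return "fallback";
  // "null" is sent for opaque origins such as sandboxed frames: never trusted.
  if (origin === "null") return "deny";
  // Exact match on scheme://host[:port]; no prefix or suffix matching.
  return allowedOrigins.includes(origin.toLowerCase()) ? "allow" : "deny";
}

// Response headers from the list above. frameOptions must be DENY or SAMEORIGIN.
function responseHeaders({ frameOptions = "DENY", csp = null, disableXssFilter = false } = {}) {
  if (!["DENY", "SAMEORIGIN"].includes(frameOptions)) {
    throw new Error("X-Frame-Options must be DENY or SAMEORIGIN");
  }
  const h = { "X-Frame-Options": frameOptions };
  if (csp) h["X-Content-Security-Policy"] = csp; // policy string supplied by the caller
  if (disableXssFilter) h["X-XSS-Protection"] = "0"; // "0" turns the IE8 filter off
  return h;
}

// Constructed sample requests: same-site POST, cross-site POST, browser without Origin.
function demo() {
  const allowed = ["https://app.example"];
  return {
    sameSite: checkOrigin("POST", { Origin: "https://app.example" }, allowed),
    crossSite: checkOrigin("POST", { Origin: "https://evil.example" }, allowed),
    oldBrowser: checkOrigin("POST", {}, allowed),
    headers: responseHeaders({ frameOptions: "SAMEORIGIN" }),
  };
}
```

The "fallback" result matters because the post notes that only some browsers send Origin, so its absence cannot be treated as either proof of a same-site request or proof of an attack.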