Content Security Policy. Vlastimil Zíma, 24 November 2017
1 Content Security Policy. Vlastimil Zíma, 24 November 2017

2 Content Security Policy
- Defense against XSS and similar attacks
- Bound to the HTML page
- Level 2; Level 3 in development

3 How it works
[Diagram: HTML + CSP, browser, eval(), CSP]

4 Basic directives
- script-src: JS
- style-src: CSS
- object-src: <object> etc.
- img-src: images
- media-src: audio, video etc.
- child-src
- frame-src: <frame>, <iframe>
- worker-src: Worker etc.
- font-src: fonts
- connect-src: AJAX etc.
- default-src

5 Directive values
Special values:
- 'self'
- 'none'
- *
- 'unsafe-inline': <style>, style=, <script>, on*= etc.
- 'unsafe-eval': eval, setTimeout and setInterval
Schemes: https: data:
Sources: example.cz, *.example.cz, example.cz:8000
Exceptions for inline: 'nonce-vybrana-hodnota' (nonce with a chosen value), 'sha256-base64-hodnota' (sha256 with a base64 value)

6 Reporting
- report-uri
- Browser-dependent
- Shown in the console
{"csp-report" : {
  "document-uri" : "
  "referrer" : "",
  "blocked-uri" : "
  "violated-directive" : "default-src 'self'",
  "original-policy" : "default-src 'self'; report-uri
  "status-code" : 200,
  "effective-directive" : "style-src",
  "source-file" : "
  "line-number" : 31,
  "column-number" : 21
}}
7 Where to put it
- HTTP header
- HTML meta, Level 2+
- Content-Security-Policy
- Content-Security-Policy-Report-Only
- X-Content-Security-Policy
- X-Content-Security-Policy-Report-Only

8 How to do it
1. default-src 'none'
2. Test
3. Fix the code / CSP

9 How to do it
1. default-src 'none'
2. Test
3. Fix the code / CSP
- eval, setTimeout and setInterval
- <script>, on*= etc.
- <style>, style= etc.
- data: URI
10 The curse of social networks
- Guides are missing
- Trial and error

11 The curse of social networks
- Guides are missing
- Trial and error
Twitter widget
<meta name="twitter:widgets:csp" content="on" />
- script-src
- style-src
- connect-src

12 The curse of social networks
- Guides are missing
- Trial and error
Facebook +1
- script-src

13 The curse of social networks
- Guides are missing
- Trial and error
Google
- script-src (maps, translations, CDN)
- script-src (Google+, maps, recaptcha)
- script-src (recaptcha)
- style-src (fonts in maps)
- font-src (fonts in maps)
14 Our directives
default-src 'self';
script-src 'self' 'unsafe-eval' 'unsafe-inline'
style-src 'self' 'unsafe-inline'
img-src * data:;
media-src *;
child-src *;
frame-src *;
worker-src 'none';
font-src 'self'
connect-src 'self'
report-uri

15 Our directives
default-src 'self';
script-src 'self'
object-src 'none';
img-src * data:;
media-src 'none';
child-src 'none';
frame-src 'none';
connect-src 'self'
report-uri
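
An added example (not from the slides) that audits the two policies on slides 14 and 15 for the weak values listed on slide 5, resolving each directive's fallback as CSP Level 3 defines it. Assumptions: the directive separators lost in transcription are restored, report-uri is omitted because its value is not on the page, and all function names are illustrative.

```javascript
// Added example: flag weak source values per fetch directive, after fallback.
// Policies transcribed from slides 14 and 15 (separators restored, report-uri omitted).
const POLICY_SLIDE_14 = [
  "default-src 'self'",
  "script-src 'self' 'unsafe-eval' 'unsafe-inline'",
  "style-src 'self' 'unsafe-inline'",
  "img-src * data:",
  "media-src *",
  "child-src *",
  "frame-src *",
  "worker-src 'none'",
  "font-src 'self'",
  "connect-src 'self'",
].join("; ");

const POLICY_SLIDE_15 = [
  "default-src 'self'",
  "script-src 'self'",
  "object-src 'none'",
  "img-src * data:",
  "media-src 'none'",
  "child-src 'none'",
  "frame-src 'none'",
  "connect-src 'self'",
].join("; ");

// Fetch directives from slide 4, in the order they are checked.
const FETCH_DIRECTIVES = [
  "script-src", "style-src", "object-src", "img-src", "media-src",
  "child-src", "frame-src", "worker-src", "font-src", "connect-src",
];

// CSP Level 3 fallback chains; any other fetch directive falls back to default-src.
const FALLBACK = {
  "frame-src": ["child-src", "default-src"],
  "worker-src": ["child-src", "script-src", "default-src"],
};

// Split a policy into directive -> source list; a repeated directive is ignored.
function parsePolicy(text) {
  const policy = new Map();
  for (const part of text.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!policy.has(name)) policy.set(name, tokens.slice(1));
  }
  return policy;
}

// Find the source list that actually governs a directive, or null if none does.
function effectiveSources(policy, directive) {
  const chain = [directive, ...(FALLBACK[directive] || ["default-src"])];
  for (const name of chain) {
    if (policy.has(name)) return { via: name, sources: policy.get(name) };
  }
  return null;
}

function weakValues(directive, sources) {
  const lower = sources.map((s) => s.toLowerCase());
  const weak = [];
  // Level 2+ browsers ignore 'unsafe-inline' when a nonce or hash is present.
  const hasNonceOrHash = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
  const inlineMatters = directive === "script-src" || directive === "style-src";
  if (inlineMatters && lower.includes("'unsafe-inline'") && !hasNonceOrHash) {
    weak.push("'unsafe-inline'");
  }
  if (directive === "script-src" && lower.includes("'unsafe-eval'")) weak.push("'unsafe-eval'");
  // A bare * or a scheme-only source (https:, data:) matches any host.
  for (const s of lower) {
    if (s === "*" || /^[a-z][a-z0-9+.-]*:$/.test(s)) weak.push(s);
  }
  return weak;
}

function audit(text) {
  const policy = parsePolicy(text);
  const findings = [];
  for (const directive of FETCH_DIRECTIVES) {
    const eff = effectiveSources(policy, directive);
    const weak = eff === null ? ["(unrestricted)"] : weakValues(directive, eff.sources);
    if (weak.length > 0) findings.push({ directive, via: eff && eff.via, weak });
  }
  return findings;
}

function summarize(text) {
  return audit(text).map((f) => `${f.directive}: ${f.weak.join(" ")}`);
}

console.log("slide 14:", summarize(POLICY_SLIDE_14));
console.log("slide 15:", summarize(POLICY_SLIDE_15));
```
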
16 Our CSP
- HTTP server
- HTTP headers

17 Statistics
- views/day

18 Statistics
- views/day
- reports/day

19 Statistics
- views/day
- reports/day
- 70% script-src with self URI
  "script-sample":"onfocusin attribute on DIV element"

20 Statistics
- views/day
- reports/day
- 70% script-src with self URI
  "script-sample":"onfocusin attribute on DIV element"
- 15% empty URI
  "source-file":" "line-number":19, "column-number":26

21 Statistics
- views/day
- reports/day
- 70% script-src with self URI
  "script-sample":"onfocusin attribute on DIV element"
- 15% empty URI
  "source-file":" "line-number":19, "column-number":26
- 10% font-src with URI
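
An added example (not from the slides) of how report-uri bodies can be bucketed by directive and blocked-uri kind, which is the breakdown the statistics slides use. The sample bodies are constructed in the csp-report shape from slide 6; hosts, counts and function names are assumptions.

```javascript
// Added example: aggregate CSP violation reports into "directive + blocked-uri kind" buckets.
// Constructed sample POST bodies (placeholder hosts; the last one is deliberately malformed).
const SAMPLE_BODIES = [
  JSON.stringify({ "csp-report": {
    "document-uri": "https://www.example.cz/", "blocked-uri": "self",
    "violated-directive": "script-src 'self'", "effective-directive": "script-src",
    "script-sample": "onfocusin attribute on DIV element" } }),
  JSON.stringify({ "csp-report": {
    "document-uri": "https://www.example.cz/kontakt", "blocked-uri": "self",
    "violated-directive": "script-src 'self'", "effective-directive": "script-src",
    "script-sample": "onfocusin attribute on DIV element" } }),
  // No effective-directive here: the directive comes from violated-directive.
  JSON.stringify({ "csp-report": {
    "document-uri": "https://www.example.cz/", "blocked-uri": "",
    "violated-directive": "script-src 'self'", "source-file": "",
    "line-number": 19, "column-number": 26 } }),
  JSON.stringify({ "csp-report": {
    "document-uri": "https://www.example.cz/",
    "blocked-uri": "https://fonts.example.net/a/b.woff2?x=1",
    "violated-directive": "default-src 'self'", "effective-directive": "font-src" } }),
  "{not json",
];

// Prefer effective-directive; older browsers only send violated-directive.
function directiveOf(report) {
  const raw = report["effective-directive"] || report["violated-directive"] || "";
  return String(raw).trim().split(/\s+/)[0] || "unknown";
}

// Reduce blocked-uri to a low-cardinality kind: empty, a keyword, or an origin.
function blockedKind(report) {
  const uri = String(report["blocked-uri"] || "").trim();
  if (uri === "") return "empty";
  if (/^[a-z-]+$/i.test(uri)) return uri.toLowerCase(); // self, inline, eval, data
  try {
    return new URL(uri).origin; // drops path and query
  } catch {
    return "unparsable";
  }
}

// The endpoint accepts bodies from any client, so each one is validated.
function aggregate(bodies) {
  const counts = new Map();
  let total = 0;
  let rejected = 0;
  for (const body of bodies) {
    let report;
    try {
      report = JSON.parse(body)["csp-report"];
    } catch {
      report = undefined;
    }
    if (typeof report !== "object" || report === null || Array.isArray(report)) {
      rejected += 1;
      continue;
    }
    total += 1;
    const key = `${directiveOf(report)} ${blockedKind(report)}`;
    const bucket = counts.get(key) || { key, count: 0, sample: null };
    bucket.count += 1;
    // Keep one script-sample per bucket to point at the code that needs fixing.
    if (bucket.sample === null && report["script-sample"]) {
      bucket.sample = String(report["script-sample"]);
    }
    counts.set(key, bucket);
  }
  const buckets = [...counts.values()]
    .map((b) => ({ ...b, share: Math.round((100 * b.count) / total) }))
    .sort((a, b) => b.count - a.count || (a.key < b.key ? -1 : 1));
  return { total, rejected, buckets };
}

const result = aggregate(SAMPLE_BODIES);
for (const b of result.buckets) {
  console.log(`${b.share}% ${b.key}`, b.sample ? `(sample: ${b.sample})` : "");
}
```
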
22 Thank you for your attention. Vlastimil Zíma