XSS Filter Tech: Later is Better?

Arcane design decisions can have subtle but important effects on the characteristics of a security mitigation.  Consider how client-side XSS filtering might examine a given HTTP response for evidence of a reflected attack.  Is it more sensible to examine the response before or after that response is processed in the browser? An easy answer might…


Enforcing Standards Mode with X-FRAME-OPTIONS

Reduced attack surface in Standards Mode is a good step forward for XSS-Focused Attack Surface Reduction in the browser. But it's necessary to prevent framing as a prerequisite to enforced Standards Mode. Putting this into practice is pretty simple. First, you'll need a Standards Mode DOCTYPE and document compatibility header on your web content, e.g.: <!DOCTYPE…
