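<map version="0.9.0">
<!-- To view this file, download free mind mapping software FreeMind from http://freemind.sourceforge.net -->
<!-- Mind map on browser testing of security policy implementation. The root node has four branches:
     "Maffeis paper", "Current understanding of browser sec.", "motivation for security policies" and "BrowserAudit".
     CREATED and MODIFIED are FreeMind timestamps (milliseconds since the Unix epoch);
     HGAP, VSHIFT and POSITION only affect how a node is drawn. -->
<node CREATED="1419682703700" ID="ID_1316758880" MODIFIED="1431680549720" TEXT="browser testing of security policy implementation">
<node CREATED="1419683422650" HGAP="-538" ID="ID_1383977682" MODIFIED="1431680746488" POSITION="right" TEXT="Maffeis paper" VSHIFT="608">
<node CREATED="1419684966911" HGAP="19" ID="ID_1078382028" MODIFIED="1419686242139" TEXT="subdomains setup for requests describe web app in general" VSHIFT="-8"/>
<node CREATED="1419685076035" HGAP="25" ID="ID_1518894622" MODIFIED="1419685237709" TEXT="generator function for tests typical test case" VSHIFT="-3"/>
<node CREATED="1419685270163" ID="ID_721656830" MODIFIED="1419685289133" TEXT="what range of policy relevant tests have we covered W3C"/>
<node CREATED="1419686170634" ID="ID_239147586" MODIFIED="1431680519274" TEXT="presenting the collected data first extension"/>
</node>
<node CREATED="1419683436873" HGAP="56" ID="ID_1561816614" MODIFIED="1424777307932" POSITION="left" TEXT="Current understanding of browser sec." VSHIFT="27">
<!-- Attack classes under consideration. One child records what is explicitly left out of scope:
     plugin objects (shockwave, java, activeX) and server-side issues such as SQL injection. -->
<node CREATED="1419686253782" ID="ID_939620121" MODIFIED="1431680097345" TEXT="taxonomy of attacks ">
<node CREATED="1419686623783" ID="ID_951374065" MODIFIED="1419687223177" TEXT="Cross Site Request Forgery"/>
<node CREATED="1419816012876" ID="ID_611257682" MODIFIED="1419816043337" TEXT="redirection attacks"/>
<node CREATED="1419816052291" ID="ID_1357501522" MODIFIED="1419816070242" TEXT="HTTP header injection"/>
<node CREATED="1419816079102" ID="ID_468822601" MODIFIED="1419816148253" TEXT="frame injection"/>
<node CREATED="1419816154825" ID="ID_1023863137" MODIFIED="1419816196499" TEXT="we do not worry about objects like shockwave, java , activeX , and server side such as SQL injection"/>
<node CREATED="1419816202332" ID="ID_428844814" MODIFIED="1419816220384" TEXT="File System access?"/>
<node CREATED="1419816237107" ID="ID_1626409856" MODIFIED="1419816241161" TEXT="application logic hacks"/>
<node CREATED="1419816257887" ID="ID_1525046723" MODIFIED="1419816264595" TEXT="session fixation, cookies"/>
<node CREATED="1419816652006" ID="ID_325313620" MODIFIED="1419816668943" TEXT="access control bypass "/>
<node CREATED="1431680107458" ID="ID_138319766" MODIFIED="1431680111269" TEXT="XSS"/>
</node>
<!-- Browser-side policies under study.
     NOTE(review): X-Frame-Options overlaps with the CSP frame-ancestors directive (CSP Level 2);
     confirm how the two are meant to be treated when both are present. -->
<node CREATED="1419686388006" HGAP="54" ID="ID_451194548" MODIFIED="1431680095523" TEXT="taxonomy of policies" VSHIFT="123">
<node CREATED="1419686409173" HGAP="17" ID="ID_1434297754" MODIFIED="1419686631065" TEXT="Same origin policy" VSHIFT="1"/>
<node CREATED="1419686421714" ID="ID_1686775462" MODIFIED="1419686427422" TEXT="Content security policy"/>
<node CREATED="1419686577423" ID="ID_471560927" MODIFIED="1419686586892" TEXT="Cross Origin Resource sharing"/>
<node CREATED="1419686595339" ID="ID_609784666" MODIFIED="1431680182851" TEXT="other: X-frame-options, "/>
</node>
</node>
<node CREATED="1419683458697" HGAP="17" ID="ID_248343502" MODIFIED="1431680742486" POSITION="right" TEXT="motivation for security policies" VSHIFT="-99">
<node CREATED="1419683581311" HGAP="2" ID="ID_930510632" MODIFIED="1431680596244" TEXT="history of browser support" VSHIFT="-95">
<node CREATED="1419683621597" HGAP="49" ID="ID_1019078524" MODIFIED="1431680607781" TEXT="conflict in interpretation" VSHIFT="79">
<node CREATED="1419683924850" ID="ID_1847451964" MODIFIED="1419683936930" TEXT="support history "/>
</node>
<node CREATED="1419683948040" HGAP="88" ID="ID_70911206" MODIFIED="1431680599737" TEXT="where is it going?" VSHIFT="-190"/>
</node>
<!-- LINK targets node ID_721656830 ("what range of policy relevant tests have we covered W3C") under "Maffeis paper". -->
<node CREATED="1419684116714" HGAP="28" ID="ID_5141457" LINK="#ID_721656830" MODIFIED="1431680585490" TEXT="Review of what currently fails on what following discussion" VSHIFT="-2"/>
</node>
<node CREATED="1419686813791" HGAP="-359" ID="ID_1375387007" MODIFIED="1431680731078" POSITION="right" TEXT="BrowserAudit" VSHIFT="-935">
<node CREATED="1431680142142" ID="ID_1200652965" MODIFIED="1431680154414" TEXT="application go architecture"/>
<node CREATED="1431680158899" ID="ID_1792280521" MODIFIED="1431680195215" TEXT="Test suite "/>
<node CREATED="1431680199072" ID="ID_780715645" MODIFIED="1431680205136" TEXT="extensibility of tests">
<node CREATED="1431680218972" ID="ID_216372927" MODIFIED="1431680225531" TEXT="client only "/>
<node CREATED="1431680229558" ID="ID_552807522" MODIFIED="1431680233934" TEXT="formalising server directives"/>
</node>
<!-- Candidate additions to the test suite.
     NOTE(review): "CSP V1.1" presumably refers to the draft later published as CSP Level 2; confirm the intended version. -->
<node CREATED="1431680238223" ID="ID_1718194470" MODIFIED="1431680243734" TEXT="tests to add">
<node CREATED="1431680246388" ID="ID_18313913" MODIFIED="1431680249357" TEXT="Navigation"/>
<!-- The double quotes inside this label are written as &quot; so the TEXT attribute stays well-formed. -->
<node CREATED="1431680253224" ID="ID_379207190" MODIFIED="1431680258054" TEXT="&quot;use strict&quot;;"/>
<node CREATED="1431680258654" ID="ID_953029359" MODIFIED="1431680266858" TEXT="Postmessage"/>
<node CREATED="1431680270153" ID="ID_1163150966" MODIFIED="1431680318549" TEXT="CSP V1.1"/>
<node CREATED="1431680323262" ID="ID_1478955230" MODIFIED="1431680398636" TEXT="Objects: flash, java , silverlight etc.."/>
</node>
<node CREATED="1431680413157" ID="ID_296294097" MODIFIED="1431680416379" TEXT="Browspec"/>
</node>
</node>
</map>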