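@comment{
  Normalised from a ScienceDirect export: names in "Last, First" form,
  journal ampersand escaped, page range with a double hyphen, bare DOI
  (no resolver prefix), acronym protected in the title, and the curly
  apostrophe in the abstract replaced with ASCII for classic BibTeX.
  The citation key is unchanged so existing \cite commands still resolve.
}
@article{SOOD201111,
  author   = {Sood, Aditya and Enbody, Richard},
  title    = {The State of {HTTP} Declarative Security in Online Banking Websites},
  journal  = {Computer Fraud \& Security},
  year     = {2011},
  volume   = {2011},
  number   = {7},
  pages    = {11--16},
  issn     = {1361-3723},
  doi      = {10.1016/S1361-3723(11)70073-2},
  url      = {https://www.sciencedirect.com/science/article/pii/S1361372311700732},
  abstract = {The banking industry is grappling with the problem of malware infections in clients. The exploitation of web vulnerabilities in a bank's website can expose online monetary transactions to fraud. Vulnerabilities such as Cross-Site Scripting (XSS), clickjacking, MIME sniffing and Cross-Site Request Forgery (CSRF) allow information in one session to be stolen from another. However, browser security can play a critical role in preventing successful exploitation. Web malware poses a serious threat to the security of online banking and browsers remain the main attack vector for exploitation. The banking industry is grappling with the problem of malware infections in clients. Preventive measures are being devised to thwart attacks. One of the latest developments has been the inclusion of a declarative security mechanism in HTTP response headers to control the state of browsers. Aditya Sood and Richard Enbody of Michigan State University examine how well declarative security is being managed and implemented in this domain.},
  keywords = {HTTP response headers, declarative security, online banking, XSS, clickjacking, MIME sniffing, CSRF, browser security},
}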