canmove, Confirmed users
1,220
edits
B2G App Security Model/Threat Model: Difference between revisions
Jump to navigation
Jump to search
B2G App Security Model/Threat Model (view source)
Revision as of 23:51, 19 March 2012
, 19 March 2012→Potential Countermeasures
Ptheriault (talk | contribs) |
Ptheriault (talk | contribs) |
||
| Line 35: | Line 35: | ||
* TLS/SSL | * TLS/SSL | ||
*[https://developer.mozilla.org/en/Security/HTTP_Strict_Transport_Security HTTP Strict Transport Security(HSTS)] | *[https://developer.mozilla.org/en/Security/HTTP_Strict_Transport_Security HTTP Strict Transport Security(HSTS)] | ||
* Static Web Apps with use explicit update process | * Static Web Apps with use explicit update process (i.e. static HTML/JS/CSS web app, loaded explicitly in a package, more similar to the extension model) | ||
* Enforce a Content Security Policy (CSP) policy on critical Web Apps | * Enforce a Content Security Policy (CSP) policy on critical Web Apps | ||
** Prevent loading of remote scripts for critical apps | ** Prevent loading of remote scripts for critical apps | ||