- From: Taras Ivashchenko <oxdef@yandex-team.ru>
- Date: Tue, 14 Jan 2014 12:37:11 +0400
- To: public-webappsec@w3.org
- Cc: Garrett Robinson <grobinson@mozilla.com>

Hi, Garrett!

We shared our case study at OWASP AppSec EU 2013, so you can watch it on YouTube:
"Content Security Policy - the panacea for XSS or placebo?"
http://www.youtube.com/watch?v=-7jLU-eO6XA

We also shared our CSP-related tools:

* CSP Tester - This extension helps web masters to test web application behavior with Content Security Policy (CSP) ver. 1.0 implemented. https://www.oxdef.info/csp-tester
* CSP Reporter - In a nutshell it is a parser for CSP (Content Security Policy) reports. The main purpose is to create an easy to read and understand report from big size logs. https://www.oxdef.info/csp-reporter

In a message of 13 January 2014 14:26:23, user Garrett Robinson wrote:
> Hey webappsec!
>
> I'm working on encouraging some large site operators to transition to
> using CSP. As we know, the process of transitioning is not easy,
> especially on large, established sites with lots of inline code. I want
> to give them some advice about techniques and tools they can use to make
> this process easier.
>
> If you've transitioned a site (especially a large and/or complex one) to
> use CSP, please consider sharing your process, tools, and any lessons
> learned! I'd love to build an inventory that we could maybe turn into a
> document to help site operators transition.
>
> -Garrett

--
Taras Ivashchenko
Information Security Administrator, Yandex

Received on Tuesday, 14 January 2014 09:24:58 UTC