W3C home > Mailing lists > Public > public-webappsec@w3.org > January 2014

Re: CSP Transition Tools

From: Taras Ivashchenko <oxdef@yandex-team.ru>
Date: Tue, 14 Jan 2014 12:37:11 +0400
To: public-webappsec@w3.org
Cc: Garrett Robinson <grobinson@mozilla.com>
Message-ID: <2239874.fRXrJZpcMp@moon>
Hi, Garrett!

We shared our case study at  OWASP AppSec EU 2013, so you can watch it on 
YouTube: "Content Security Policy - the panacea for XSS or placebo?" 

We also shared our CSP related tools:

* CSP Tester - This extension helps web masters to test web application 
behavior with Content Security Policy (CSP) ver. 1.0 implemented., 
* CSP Reporter - In a nutshell it is a parser for CSP (Content Security 
Policy) reports. Main purpose is to create easy to read and understand report 
from big size logs. https://www.oxdef.info/csp-reporter 

В письме от 13 января 2014 14:26:23 пользователь Garrett Robinson написал:
> Hey webappsec!
> I'm working on encouraging some large site operators to transition to
> using CSP. As we know, the process of transitioning is not easy,
> especially on large, established sites with lots of inline code. I want
> to give them some advice about techniques and tools they can use to make
> this process easier.
> If you've transitioned a site (especially a large and/or complex one) to
> use CSP, please consider sharing your process, tools, and any lessons
> learned! I'd love to build an inventory that we could maybe turn into a
> document to help site operators transition.
> -Garrett

Taras Ivashchenko
Information Security Administrator,
Received on Tuesday, 14 January 2014 09:24:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:37 UTC