Re: CSP Transition Tools

From: Taras Ivashchenko <oxdef@yandex-team.ru>
Date: Tue, 14 Jan 2014 12:37:11 +0400
To: public-webappsec@w3.org
Cc: Garrett Robinson <grobinson@mozilla.com>
Message-ID: <2239874.fRXrJZpcMp@moon>

Hi, Garrett!

We shared our case study at OWASP AppSec EU 2013, so you can watch it on
YouTube: "Content Security Policy - the panacea for XSS or placebo?" 
http://www.youtube.com/watch?v=-7jLU-eO6XA

We also shared our CSP-related tools:

* CSP Tester - This extension helps webmasters to test web application
behavior with Content Security Policy (CSP) ver. 1.0 implemented.
https://www.oxdef.info/csp-tester
* CSP Reporter - In a nutshell, it is a parser for CSP (Content Security
Policy) reports. Its main purpose is to create an easy-to-read and
easy-to-understand report from large logs. https://www.oxdef.info/csp-reporter

On 13 January 2014 14:26:23, Garrett Robinson wrote:
> Hey webappsec!
> 
> I'm working on encouraging some large site operators to transition to
> using CSP. As we know, the process of transitioning is not easy,
> especially on large, established sites with lots of inline code. I want
> to give them some advice about techniques and tools they can use to make
> this process easier.
> 
> If you've transitioned a site (especially a large and/or complex one) to
> use CSP, please consider sharing your process, tools, and any lessons
> learned! I'd love to build an inventory that we could maybe turn into a
> document to help site operators transition.
> 
> -Garrett

-- 
Taras Ivashchenko
Information Security Administrator,
Yandex
Received on Tuesday, 14 January 2014 09:24:58 UTC
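
An added example, not part of the original message and not code from CSP Reporter: one way to reduce a large log of CSP 1.0 violation reports to a short summary, as the message describes. The one-JSON-report-per-line log format, the sample hosts and the function names are assumptions made for this illustration.

```python
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: one JSON violation report per line, as a report-uri
# endpoint might log them. Field names are those of a CSP 1.0 report.
SAMPLE_LOG = """\
{"csp-report": {"document-uri": "https://example.test/a", "blocked-uri": "https://cdn.example.net/lib.js", "violated-directive": "script-src 'self'"}}
{"csp-report": {"document-uri": "https://example.test/b", "blocked-uri": "https://cdn.example.net/ui.js", "violated-directive": "script-src 'self'"}}
{"csp-report": {"document-uri": "https://example.test/a", "blocked-uri": "", "violated-directive": "script-src 'self'"}}
{"csp-report": {"document-uri": "https://example.test/c", "blocked-uri": "http://img.example.org/x.png", "violated-directive": "img-src 'self'"}}
not json at all
{"unexpected": true}
"""

def blocked_source(blocked_uri):
    """Reduce a blocked-uri to scheme://host so reports group per origin."""
    if not blocked_uri:
        # No external resource to allow-list; these need manual review.
        return "(empty blocked-uri)"
    parts = urlsplit(blocked_uri)
    if parts.scheme and parts.netloc:
        return f"{parts.scheme}://{parts.netloc}"
    return blocked_uri  # keyword or scheme-only value, kept as reported

def summarize(lines):
    """Count violations per (directive, blocked source); return (Counter, skipped)."""
    counts, skipped = Counter(), 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            report = json.loads(line)["csp-report"]
            directive = report["violated-directive"].split()[0]
            source = blocked_source(report.get("blocked-uri", ""))
        except (ValueError, KeyError, TypeError, IndexError, AttributeError):
            skipped += 1  # malformed line or not a violation report
            continue
        counts[(directive, source)] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE_LOG.splitlines())
    for (directive, source), n in counts.most_common():
        print(f"{n:4d}  {directive:12s} {source}")
    print(f"skipped {skipped} unparseable line(s)")
```

Run against Content-Security-Policy-Report-Only logs, the most frequent (directive, origin) pairs show which sources a policy would have to allow and which pages still rely on inline code.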