Re: CSP Transition Tools

Hi Garrett,

You know this already, but for other interested parties, I made a
couple tools for generating a CSP called CSPTools last year and gave a
preso on it at Defcon last year:

I'm currently working on revamping the proxy and the parsing tools to
be more robust.


On Tue, Jan 14, 2014 at 3:37 AM, Taras Ivashchenko wrote:
> Hi, Garrett!
> We shared our case study at OWASP AppSec EU 2013, so you can watch it on
> YouTube: "Content Security Policy - the panacea for XSS or placebo?"
> We also shared our CSP related tools:
> * CSP Tester - This extension helps web masters to test web application
> behavior with Content Security Policy (CSP) ver. 1.0 implemented.
> * CSP Reporter - In a nutshell it is a parser for CSP (Content Security
> Policy) reports. The main purpose is to create an easy to read and understand
> report from big logs.
> In a message dated 13 January 2014 14:26:23, Garrett Robinson wrote:
>> Hey webappsec!
>> I'm working on encouraging some large site operators to transition to
>> using CSP. As we know, the process of transitioning is not easy,
>> especially on large, established sites with lots of inline code. I want
>> to give them some advice about techniques and tools they can use to make
>> this process easier.
>> If you've transitioned a site (especially a large and/or complex one) to
>> use CSP, please consider sharing your process, tools, and any lessons
>> learned! I'd love to build an inventory that we could maybe turn into a
>> document to help site operators transition.
>> -Garrett
> --
> Taras Ivashchenko
> Information Security Administrator,
> Yandex

Received on Tuesday, 14 January 2014 22:10:22 UTC