Hi all, At the last call there was some interest in tools to evaluate the security of CSP policies; we've just released several of the utilities we use internally, so I figured they might be useful to someone: - https://csp-evaluator.withgoogle.com - A tool to check CSP strength and find whitelist bypasses - https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa - Chrome extension to check if an application is compatible with a given CSP (it generates spiffy reports, too!) - https://csp.withgoogle.com - Our "developer education" site explaining how to adopt nonce-based CSP policies, including sample code and policies. I'm happy to accept bug reports and feature requests off-list ;-) Cheers, -ArturReceived on Monday, 26 September 2016 22:41:19 UTC
This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:21 UTC