CSP tools and documentation

From: Artur Janc <aaj@google.com>
Date: Mon, 26 Sep 2016 23:40:30 +0100
Message-ID: <CAPYVjqr=fbHX-FUJ=tEPGuVp7uWWutKtvRcapZ9TZW03JnaH0A@mail.gmail.com>
To: WebAppSec WG <public-webappsec@w3.org>

Hi all,

At the last call there was some interest in tools to evaluate the security
of CSP policies; we've just released several of the utilities we use
internally, so I figured they might be useful to someone:

- https://csp-evaluator.withgoogle.com - A tool to check CSP strength and
find whitelist bypasses
- https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa -
Chrome extension to check if an application is compatible with a given
CSP (it generates spiffy reports, too!)
- https://csp.withgoogle.com - Our "developer education" site explaining
how to adopt nonce-based CSP policies, including sample code and policies.

I'm happy to accept bug reports and feature requests off-list ;-)

Cheers,
-Artur
Received on Monday, 26 September 2016 22:41:19 UTC
