- From: Artur Janc <aaj@google.com>
- Date: Mon, 26 Sep 2016 23:40:30 +0100
- To: WebAppSec WG <public-webappsec@w3.org>
Received on Monday, 26 September 2016 22:41:19 UTC
Hi all, At the last call there was some interest in tools to evaluate the security of CSP policies; we've just released several of the utilities we use internally, so I figured they might be useful to someone: - https://csp-evaluator.withgoogle.com - A tool to check CSP strength and find whitelist bypasses - https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa - Chrome extension to check if an application is compatible with a given CSP (it generates spiffy reports, too!) - https://csp.withgoogle.com - Our "developer education" site explaining how to adopt nonce-based CSP policies, including sample code and policies. I'm happy to accept bug reports and feature requests off-list ;-) Cheers, -Artur
Received on Monday, 26 September 2016 22:41:19 UTC