Re: CSP tools and documentation

Hi Arthur,

Is it worth talking to Lucas Garron on the Google Chrome team to see if your csp-evaluator could be added to the Security tab of the Dev Tools?

Must confess I've been wanting something like this for a while: https://craigfrancis.github.io/dev-security/#csp <https://craigfrancis.github.io/dev-security/#csp>

:-)

Craig



> On 26 Sep 2016, at 23:40, Artur Janc <aaj@google.com> wrote:
> 
> Hi all,
> 
> At the last call there was some interest in tools to evaluate the security of CSP policies; we've just released several of the utilities we use internally, so I figured they might be useful to someone:
> 
> - https://csp-evaluator.withgoogle.com <https://csp-evaluator.withgoogle.com/> - A tool to check CSP strength and find whitelist bypasses 
> - https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa <https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa> - Chrome extension to check if an application is compatible with a given CSP (it generates spiffy reports, too!)
> - https://csp.withgoogle.com <https://csp.withgoogle.com/> - Our "developer education" site explaining how to adopt nonce-based CSP policies, including sample code and policies.
> 
> I'm happy to accept bug reports and feature requests off-list ;-)
> 
> Cheers,
> -Artur

Received on Tuesday, 27 September 2016 11:08:32 UTC