- From: Craig Francis <craig.francis@gmail.com>
- Date: Tue, 27 Sep 2016 12:08:00 +0100
- To: Artur Janc <aaj@google.com>
- Cc: WebAppSec WG <public-webappsec@w3.org>
- Message-Id: <4DCD5D7B-3A66-4B33-A9A4-C15E83511FC5@gmail.com>
Hi Arthur, Is it worth talking to Lucas Garron on the Google Chrome team to see if your csp-evaluator could be added to the Security tab of the Dev Tools? Must confess I've been wanting something like this for a while: https://craigfrancis.github.io/dev-security/#csp <https://craigfrancis.github.io/dev-security/#csp> :-) Craig > On 26 Sep 2016, at 23:40, Artur Janc <aaj@google.com> wrote: > > Hi all, > > At the last call there was some interest in tools to evaluate the security of CSP policies; we've just released several of the utilities we use internally, so I figured they might be useful to someone: > > - https://csp-evaluator.withgoogle.com <https://csp-evaluator.withgoogle.com/> - A tool to check CSP strength and find whitelist bypasses > - https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa <https://chrome.google.com/webstore/detail/csp-mitigator/gijlobangojajlbodabkpjpheeeokhfa> - Chrome extension to check if an application is compatible with a given CSP (it generates spiffy reports, too!) > - https://csp.withgoogle.com <https://csp.withgoogle.com/> - Our "developer education" site explaining how to adopt nonce-based CSP policies, including sample code and policies. > > I'm happy to accept bug reports and feature requests off-list ;-) > > Cheers, > -Artur
Received on Tuesday, 27 September 2016 11:08:32 UTC