Google CSP Evaluator and CSP Mitigator anti-XSS plugins

Google has released two new tools, CSP Evaluator and CSP Mitigator, that help security researchers identify weaknesses that allow XSS attacks.

Both tools revolve around a security mechanism implemented by all major browsers, albeit somewhat differently.

What is a CSP or Content Security Policy

CSP is a set of rules that lets developers restrict which scripts can run inside a page. Even when attackers find some way to pass HTML code into a vulnerable application, they cannot load malicious scripts, because the CSP policy strictly prohibits these payloads and blocks them at the browser level.

Despite the benefits of this security mechanism, Google reports that 95 percent of billions of domains scanned during a recent study have inappropriate CSP policies that allow attackers to bypass CSP protection and launch cross-site scripting attacks.

With the release of CSP Evaluator and CSP Mitigator, in the form of a standalone scanning website and Chrome extensions, Google hopes that webmasters will be able to test their CSP policies and improve the protection of their websites.

Try plugins (Chrome)

CSP Evaluator

CSP Mitigator


Written by Dimitris
