Google CSP Evaluator and CSP Mitigator anti XSS plugins

Google has released two new tools, CSP Evaluator and CSP Mitigator, to help researchers identify vulnerabilities that allow XSS attacks.

Both tools revolve around a security mechanism that all major browsers apply, albeit somewhat differently.

What is CSP, or Content Security Policy

CSP is a set of rules that lets developers limit which scripts are allowed to run within a page. When attackers find a way to pass HTML code into a vulnerable page, they are not able to load malicious scripts, because the CSP policy strictly prohibits and blocks these payloads at the browser level.

Despite the benefits of this security mechanism, Google reports that 95 percent of billions of domains scanned during a recent study have inappropriate CSP policies that allow attackers to bypass CSP protection and launch cross-site scripting attacks.

With the release of CSP Evaluator and CSP Mitigator, in the form of a standalone scanning website and Chrome extensions, Google hopes that developers will be able to test the CSP policies they use and improve the protection capabilities of their websites.

Try plugins (Chrome)

CSP Evaluator

CSP Mitigator


Written by Dimitris
