Google CSP Evaluator and CSP Mitigator anti XSS plugins

Google has released two new tools, CSP Evaluator and CSP Mitigator, that help security researchers identify weaknesses that allow XSS attacks.

Both tools revolve around a mechanism that is applied by all the major browsers, albeit in a somewhat different way.

What is a CSP or Content Security Policy

CSP is a set of rules that lets developers restrict which scripts can run inside a page. Even when attackers find some way to pass HTML code into a vulnerable application, they cannot load malicious scripts, because the CSP policy strictly prohibits and excludes these payloads at the browser level.

Despite the benefits of this security mechanism, Google reports that 95 percent of the billion domains scanned during a recent s have inappropriate CSP policies and allow attackers to bypass CSP protection and launch XSS (cross-site scripting) attacks.

With the release of CSP Evaluator and CSP Mitigator, in the form of a standalone scanning website and Chrome extensions, Google hopes that webmasters will be able to test their CSP policies and improve the protection of their websites.
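The kind of policy check described above can be sketched as follows. This is an added example, not Google's code and not CSP Evaluator's actual rule set; the function names, the sample policies and the choice of checks (well-known script-related CSP weaknesses) are assumptions made for illustration.

```javascript
// Added example: a minimal CSP linter. Sample policies are constructed;
// the nonce is a placeholder (real nonces are random per response).
const WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https:";
const STRICT = "script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first one wins.
    // Sources are lowercased for keyword matching only (lint use, not enforcement).
    if (!(name in policy)) policy[name] = tokens.slice(1).map((t) => t.toLowerCase());
  }
  return policy;
}

// An empty source list or 'none' matches nothing.
const isNone = (list) => list.length === 0 || (list.length === 1 && list[0] === "'none'");

// Return human-readable findings for script-related weaknesses in a policy.
function findCspWeaknesses(header) {
  const policy = parseCsp(header);
  const findings = [];
  // script-src and object-src fall back to default-src when absent.
  const scripts = policy['script-src'] || policy['default-src'];
  const objects = policy['object-src'] || policy['default-src'];
  if (!scripts) {
    findings.push('no script-src or default-src: script loading is unrestricted');
  } else {
    const hasNonceOrHash = scripts.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    // Browsers ignore 'unsafe-inline' when a nonce or hash is present.
    if (scripts.includes("'unsafe-inline'") && !hasNonceOrHash) {
      findings.push("'unsafe-inline' lets injected inline scripts run");
    }
    if (scripts.includes("'unsafe-eval'")) findings.push("'unsafe-eval' allows eval() on strings");
    for (const s of scripts) {
      if (['*', 'http:', 'https:', 'data:'].includes(s)) {
        findings.push(`${s} is too broad to restrict where scripts come from`);
      }
    }
  }
  if (!objects || !isNone(objects)) {
    findings.push("object-src is not 'none': plugin content is not locked down");
  }
  return findings;
}
```

`findCspWeaknesses(WEAK)` reports three findings, while `findCspWeaknesses(STRICT)` reports none.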

Try plugins (Chrome)

CSP Evaluator

CSP Mitigator


Written by Dimitris
