Wednesday, 28 September 2016

Google Releases Content Security Policy Tool To Prevent XSS Attack



Google has released Content Security Policy tooling to help sites defend against cross-site scripting (XSS), clickjacking and other attacks that rely on injected script.


Cross-site scripting (XSS) remains one of the most common web vulnerabilities. Google alone has paid approximately $1.2 million in bug bounties for XSS vulnerabilities over the last two years.

Google has released CSP Evaluator, a tool that checks whether a Content Security Policy is actually a strong mitigation against XSS: it visualizes the effect of setting a given policy and detects subtle misconfigurations that would let an attacker bypass it. CSP Evaluator is used by security engineers and developers at Google to make sure policies provide a meaningful security benefit and cannot be subverted by attackers.

Instead of maintaining a whitelist of script hosts, developers can now set a single, short policy in which a per-response nonce marks the trusted scripts, 'strict-dynamic' extends that trust to the scripts they load, and object-src 'none' blocks plugin content:

script-src 'nonce-random123' 'strict-dynamic'; object-src 'none'

Google also released CSP Mitigator, a Chrome extension designed to help developers review an application for compatibility with a nonce-based CSP. The extension can be enabled for any URL prefix and collects data about programming patterns that need to be refactored before such a policy can be enforced, such as inline scripts without a nonce or inline event handlers, both of which a nonce-based policy blocks.

Credit: Google

What is Content Security Policy (CSP)?


Content Security Policy (CSP) provides a standard method for website owners to declare the approved origins from which browsers may load content on their site. The content types it covers include JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects (such as Java applets and ActiveX controls), audio and video files, and other HTML5 features.

CSP is a mechanism designed to step in precisely when an XSS bug slips through: it gives developers the ability to restrict which scripts are allowed to execute, so that even if attackers can inject HTML into a vulnerable page, they should not be able to load malicious scripts or other types of resources. CSP is a flexible tool that lets developers set a wide range of policies; it is supported, though not always in its entirety, by all modern browsers.

2 comments:

  1. I agree that if you plan to stay with a cheater, don't try to find any information. However, in my case I needed it in my state in order to file for divorce and get out of the relationship. You can't just say "I think"; courts want proof, or you end up spending a lot of time and money fighting it out! Finding out was hard, but I was relieved that I wasn't crazy, and it's making my divorce go a lot smoother. He would never confess; therefore, I did the best thing for me: find out, no doubt, move on!!! Contact [email protected]. He's a professional and will surely help you out. Tell him it's from Jes.

  2. You ought to always pick anti-virus products that are certified by a Checkmark, ICSA Labs or VB100%. The choice of an anti-virus that has passed thorough testing against viruses by numerous clients is the correct choice for you. https://how-to-remove.org/malware/browser-hijacker-removal/chromosearch-com-removal/
