Wednesday, 28 September 2016

Google Releases Content Security Policy Tool To Prevent XSS Attack



Google releases Content Security Policy tools to help prevent cross-site scripting (XSS), clickjacking and other malicious scripts.


Cross-site scripting (XSS) is one of the most common vulnerability classes. Google has already paid approximately $1.2 million in bug bounties for XSS vulnerabilities in the last 2 years.

Google released the CSP Evaluator tool to visualize the effect of setting a policy and to detect subtle misconfigurations. CSP Evaluator is used by security engineers and developers at Google to make sure policies provide a meaningful security benefit and cannot be subverted by attackers.

Developers can now set a single, short policy such as:

script-src 'nonce-random123' 'strict-dynamic'; object-src 'none'
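As an added illustration of the kind of "subtle misconfiguration" a policy review looks for (this is not CSP Evaluator's code; the function names, finding labels and sample policies are assumptions made for this example), the following linter parses a policy string and reports a few well-known weaknesses. It also shows that `random123` in the policy above is only a placeholder: a real nonce must be unpredictable, at least 128 bits, and regenerated for every response.

```javascript
// Added example: a minimal CSP linter (hypothetical names, not CSP Evaluator's logic).
// Split a policy string into a Map of directive name -> list of source values.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return a list of finding labels for one policy string.
function lintCsp(policy) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src and object-src both fall back to default-src when absent.
  const script = d.get('script-src') || d.get('default-src');
  const object = d.get('object-src') || d.get('default-src');
  if (!script) {
    findings.push('script-src-missing');
  } else {
    const lower = script.map((s) => s.toLowerCase());
    const hasNonceOrHash = lower.some((s) => /^'(nonce|sha(256|384|512))-/.test(s));
    const strictDynamic = lower.includes("'strict-dynamic'");
    // 'unsafe-inline' is ignored by CSP2+ browsers when a nonce or hash is present.
    if (lower.includes("'unsafe-inline'") && !hasNonceOrHash) findings.push('unsafe-inline-scripts');
    // Host and scheme sources are ignored under 'strict-dynamic' in supporting browsers.
    const broad = lower.some((s) => ['*', 'http:', 'https:', 'data:'].includes(s));
    if (broad && !strictDynamic) findings.push('script-src-too-broad');
    // 128 bits of randomness is at least 22 base64 characters.
    for (const s of script) {
      const m = /^'nonce-(.*)'$/i.exec(s);
      if (m && m[1].length < 22) findings.push('nonce-too-short');
    }
  }
  // Plugin content can run script, so object-src should resolve to 'none'.
  const objectIsNone = object && object.length === 1 && object[0].toLowerCase() === "'none'";
  if (!objectIsNone) findings.push('object-src-not-none');
  return findings;
}

// Constructed sample policies (the first is the one quoted in the article).
const SAMPLES = [
  "script-src 'nonce-random123' 'strict-dynamic'; object-src 'none'",
  "script-src 'self' 'unsafe-inline' https:",
  "script-src 'nonce-c29tZWNvbnN0cnVjdGVkMQ' 'strict-dynamic' https: 'unsafe-inline'; object-src 'none'",
];
for (const p of SAMPLES) console.log(lintCsp(p).join(', ') || 'no findings', '<-', p);
```

The third sample keeps `https:` and `'unsafe-inline'` only as fallbacks for older browsers; browsers that understand nonces and `'strict-dynamic'` ignore them, which is why it produces no findings.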

Google also released CSP Mitigator, a Chrome extension designed to help developers review an application for compatibility with nonce-based CSP. The extension can be enabled for any URL prefix and will collect data about any programming patterns that need to be refactored to support CSP.

Credit: Google

What is Content Security Policy (CSP)?


Content Security Policy (CSP) provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website. Covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

CSP is a mechanism designed to step in precisely when XSS bugs happen; it gives developers the ability to restrict which scripts are allowed to execute so that even if attackers can inject HTML into a vulnerable page, they should not be able to load malicious scripts and other types of resources. CSP is a flexible tool allowing developers to set a wide range of policies; it is supported, though not always in its entirety, by all modern browsers.
