
Published on September 29th, 2016


Google Releases Content Security Policy Tool To Prevent XSS Attack

Google has released a Content Security Policy tool to help prevent cross-site scripting (XSS), clickjacking and other malicious script execution.

Cross-site scripting (XSS) is one of the most common web vulnerabilities. Google has already paid approximately $1.2 million in bug bounties for XSS vulnerabilities over the last 2 years.

Google released the CSP Evaluator tool to detect misconfigurations in a site's Content Security Policy, to visualize the effect of setting a policy, and to catch subtle misconfigurations. CSP Evaluator is used by security engineers and developers at Google to make sure policies provide a meaningful security benefit and cannot be subverted by attackers.

Developers can now set a single, short policy such as:

script-src 'nonce-random123' 'strict-dynamic'; object-src 'none'

Google also released CSP Mitigator, a Chrome extension designed to help developers review an application for compatibility with nonce-based CSP. The extension can be enabled for any URL prefix and collects data about any programming patterns that need to be refactored to support CSP.

Credit: Google


What is Content Security Policy (CSP)?

Content Security Policy (CSP) provides a standard method for website owners to declare the approved origins of content that browsers should be allowed to load on their website. The covered content types include JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets and ActiveX, audio and video files, and other HTML5 features.

CSP is a mechanism designed to step in precisely when such injection bugs happen: it gives developers the ability to restrict which scripts are allowed to execute, so that even if attackers can inject HTML into a vulnerable page, they should not be able to load malicious scripts and other types of resources. CSP is a flexible tool allowing developers to set a wide range of policies; it is supported, though not always in its entirety, by all modern browsers.

