Google is releasing new tools to help developers build and harden Content Security Policies (CSP) against cross-site scripting (XSS) vulnerabilities in web applications. A Content Security Policy lets developers specify which scripts are allowed to run on a page, and can thereby defeat XSS attacks: attackers inject malicious scripts into web applications to target their users, and CSP blocks these attacks by preventing unauthorized scripts from executing. According to a Google study, however, in most cases deployed CSP policies are ineffective and the attacks still succeed against visitors.
Google has therefore introduced the CSP Evaluator tool, which helps security engineers and developers understand how a given policy would affect a web application. Google has also described ways to protect web applications when conventional CSP policies are bypassed, and has implemented a nonce-based CSP scheme suitable for large and complex applications.

Google has further released the CSP Mitigator tool, a Chrome extension that helps developers check whether an application works with a nonce-based CSP. Google is also adding CSP adoption efforts to its bug bounty program.