Ryan Barnett · Jan 9, 2019 · 1:47 PM UTC

Ryan Barnett @ryancbarnett

9 Jan 2019

Does anyone know of any DAST vendors that take into account both the existence of and policy setting of CSP headers when are checking XSS vulns?

Bil Corry · Jan 9, 2019 · 2:07 PM UTC

Bil Corry · Jan 9, 2019 · 2:07 PM UTC

Bil Corry @bilcorry

9 Jan 2019

Given the misconfiguration of many CSP policies, probably safer to assume that the CSP control is marginally helping. researchgate.net/publication…

Jan 9, 2019 · 2:07 PM UTC

Ryan Barnett · Jan 9, 2019 · 7:10 PM UTC

Ryan Barnett @ryancbarnett

9 Jan 2019

Replying to @bilcorry

Bil Corry · Jan 9, 2019 · 8:15 PM UTC

Bil Corry @bilcorry

9 Jan 2019

Yeah, I looked for it, knew it was by Google, but then couldn't find it, thanks!