Does anyone know of any DAST vendors that take into account both the existence of and policy setting of CSP headers when they are checking XSS vulns?
Replying to @ryancbarnett
Given the misconfiguration of many CSP policies, probably safer to assume that the CSP control is marginally helping. researchgate.net/publication…

Jan 9, 2019 · 2:07 PM UTC

Yeah, I looked for it, knew it was by Google, but then couldn't find it, thanks!