Does anyone know of any DAST vendors that take into account both the existence of and policy setting of CSP headers when they are checking XSS vulns?
Given the misconfiguration of many CSP policies, probably safer to assume that the CSP control is marginally helping.
researchgate.net/publication…
yep and this one from @we1x et al. - static.googleusercontent.com…
Yeah, I looked for it, knew it was by Google, but then couldn't find it, thanks!
Jan 9, 2019 · 8:15 PM UTC

