[Owasp-topten] CSP in XSS

Dave Wichers dave.wichers at owasp.org
Tue May 28 20:00:03 UTC 2013


Absolutely. Great suggestion, Dirk. I'm a huge fan of CSP and have been
telling everyone I can about it. I can't believe we forgot to mention it. We
might reword it a little but it definitely will be in the final release.

Thanks, Dave

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Tuesday, May 28, 2013 2:37 PM
To: Dirk Wetter
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] CSP in XSS

I'll certainly second that.

-Michael

--
Michael Coates | OWASP | @_mwc

On Tue, May 28, 2013 at 11:31 AM, Dirk Wetter <dirk.wetter at owasp.org> wrote:


Hi folks,

I propose a minor change to the Top 10 list: CSP should be listed as a
countermeasure in the XSS section.

Please find the proposal in the wiki, hoping it'll be included in the final
version.


BR, Dirk



--
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1
