[Owasp-topten] CSP in XSS

Dave Wichers dave.wichers at owasp.org
Tue May 28 20:00:03 UTC 2013

Absolutely. Great suggestion Dirk.  I'm a huge fan of CSP and have been
telling everyone I can about it. I can't believe we forgot to mention it. We
might reword it a little but it definitely will be in the final release.


Thanks, Dave


From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Michael Coates
Sent: Tuesday, May 28, 2013 2:37 PM
To: Dirk Wetter
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] CSP in XSS


I'll certainly second that.



Michael Coates | OWASP | @_mwc


On Tue, May 28, 2013 at 11:31 AM, Dirk Wetter <dirk.wetter at owasp.org> wrote:

Hi folks,

I propose a minor change to the Top 10 list: CSP should be listed as a
countermeasure in the XSS

Please find the proposal in the wiki, hoping it'll be included in the final

BR, Dirk

German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1 <tel:%2B49-40-2442035-1>

Owasp-topten mailing list
Owasp-topten at lists.owasp.org


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-topten/attachments/20130528/a88ab358/attachment.html>

More information about the Owasp-topten mailing list