[Owasp-topten] CSP in XSS
dave.wichers at owasp.org
Tue May 28 23:04:54 UTC 2013
Thank you for your suggestion.
I made some minor tweaks to your original suggestion on the wiki, and have
made the matching change to the OWASP Top 10 document itself.
I also added a reference to the OWASP Java HTML Sanitizer Project as an
alternative to AntiSamy.
From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
Sent: Tuesday, May 28, 2013 2:32 PM
To: owasp-topten at lists.owasp.org
Subject: [Owasp-topten] CSP in XSS
I propose a minor change to the Top 10 list: CSP should be listed as a
countermeasure in the XSS section.
Please find the proposal in the wiki, hoping it'll be included in the final
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/ | @appseceu
skype://drwetter.de | tel:+49-40-2442035-1