[Owasp-topten] CSP in XSS
dirk.wetter at owasp.org
Wed May 29 06:50:39 UTC 2013
Am 05/29/2013 01:04 AM, schrieb Dave Wichers:
> Thank you for your suggestion.
> I made some minor tweaks to your original suggestion on the wiki, and have
> made the matching change to the OWASP Top 10 document itself.
> I also added a reference to the OWASP Java HTML Sanitizer Project as an
> alternative to AntiSamy.
> -----Original Message-----
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
> Sent: Tuesday, May 28, 2013 2:32 PM
> To: owasp-topten at lists.owasp.org
> Subject: [Owasp-topten] CSP in XSS
> Hi folks,
> I propose a minor change to the Top 10 list: CSP should be listed as a
> countermeasure in the XSS section.
> Please find the proposal in the wiki, hoping it'll be included in the final
> BR, Dirk
German OWASP Board, Conference Chair AppSec EU 2013
http://appsec.eu/ | @appseceu
skype://drwetter.de | tel:+49-40-2442035-1
More information about the Owasp-topten