[Owasp-topten] CSP in XSS

Dirk Wetter dirk.wetter at owasp.org
Wed May 29 06:50:39 UTC 2013


cool!

Am 05/29/2013 01:04 AM, schrieb Dave Wichers:
> Dirk,
>
> Thank you for your suggestion.
>
> I made some minor tweaks to your original suggestion on the wiki, and have
> made the matching change to the OWASP Top 10 document itself.
>
> I also added a reference to the OWASP Java HTML Sanitizer Project as an
> alternative to AntiSamy.
>
> -Dave
>
> -----Original Message-----
> From: owasp-topten-bounces at lists.owasp.org
> [mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Dirk Wetter
> Sent: Tuesday, May 28, 2013 2:32 PM
> To: owasp-topten at lists.owasp.org
> Subject: [Owasp-topten] CSP in XSS
>
>
> Hi folks,
>
> I propose a minor change to the Top 10 list: CSP should be listed as a
> countermeasure in the XSS section.
>
> Please find the proposal in the wiki, hoping it'll be included in the final
> version.
>
>
> BR, Dirk
>
>
>

-- 
German OWASP Board, Conference Chair AppSec EU 2013 
http://appsec.eu/       |                 @appseceu
skype://drwetter.de     |      tel:+49-40-2442035-1



More information about the Owasp-topten mailing list