csp   1961

Content Security Policy  |  Web Fundamentals  |  Google Developers
CSP doesn't want you to use inline scripts and other resources, but if there are performance or other reasons, then you can include a nonce in the inline script and in the HTTP CSP headers that must match.
:velo:toimplement  csp  http  web  security  nonce 
2 days ago by reedhedges
Neatly bypassing CSP – Wallarm
Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser…
csp  web  cors  iframe  bypass  security 
6 days ago by xer0x
I’m harvesting credit card numbers and passwords from your site. Here’s how.
Describes a speculative attack that CSP should help defend against.

n.b. this article also describes a variation using prefetch that can sneak past CSP.
csp  security  prefetch 
6 days ago by wrumsby
Getting Started with the Cloud Solution Provider APIs – Paul Andrew
If you're a Cloud Solution Provider (CSP) partner, you have many options for transacting your customers orders with Microsoft. In this post I'll walk through getting started with the CSP Application Programming Interfaces (APIs) and point you to some resources for learning more about them.
microsoft  CSP 
29 days ago by andyhuey
RT : While this little spotlight's still warm, I should also credit for teaching that is actually *not* v…
CSP  from twitter_favs
4 weeks ago by codepo8
