
secureheaders - Manages application of security headers with many safe defaults

  •    Ruby

master represents the unreleased 4.x line. See the upgrading to 4.x doc for instructions on how to upgrade. Bug fixes should go in the 3.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade, including the differences and benefits of using the 3.x branch.

secure_headers - Manages application of security headers with many safe defaults

  •    Ruby

master represents the 6.x line. See the upgrading to 4.x doc, upgrading to 5.x doc, or upgrading to 6.x doc for instructions on how to upgrade. Bug fixes should go in the 5.x branch for now. The 3.x branch is moving into maintenance mode. See the upgrading to 3.x doc for instructions on how to upgrade, including the differences and benefits of using the 3.x branch.

csp-builder - Build Content-Security-Policy headers from a JSON file (or build them programmatically)

  •    PHP

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file, or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.




csp-logger - Log all the CSP violations!

  •    JavaScript

Content Security Policy Logging Service

seespee - Create a Content-Security-Policy for a website based on the statically detectable relations

  •    JavaScript

Generate a Content-Security-Policy header for a website. The website is crawled for scripts, stylesheets, images, fonts, application manifests etc., which will be listed by their origin. Inline scripts and stylesheets will be hashed so 'unsafe-inline' can be avoided. If the website has an existing Content-Security-Policy header or a meta tag it will be detected and taken into account so all the existing directives are supported. This behavior can be disabled with the --ignoreexisting parameter.

go-csp-collector - A CSP collector written in Golang

  •    Go

This is a content security policy violation collector written in Golang. It has been designed to listen on port 8080 and accept POST payloads containing the violation report. It captures the report and will write it to STDOUT via Go's logger.

CSP-Bypass - A Burp Plugin for Detecting Weaknesses in Content Security Policies

  •    Python

This is a Burp plugin that is designed to passively scan for CSP headers that contain known bypasses as well as other potential weaknesses.