CSP Auditor
This plugin provides a readable view of CSP Headers in the Response Tab, passive scan rules to detect weak CSP configuration, and a CSP configuration generator based on the Burp crawler or manual browsing. The project is packaged as a ZAP and Burp plugin. For more context around Content-Security-Policy and how to apply it to your website, see their blog posts on the topic: [Building a Content Security Policy Configuration with CSP Auditor](http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor) and [Auditing CSP Headers with Burp and ZAP](https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/)
FEATURES
EXPLORE BY TAGS
SIMILAR TOOLS
Pint is a PIN tool that exposes the PIN API to lua scripts, allowing dynamic instrumentation of binaries.
An open-source web application security scanner framework that identifies vulnerabilities in web applications.
Detect users' operating systems and perform redirection with Apache mod_rewrite.
Static security code scanner (SAST) for Node.js applications with Docker support and integrations with Slack.
Akamai App & API Protector is an integrated security solution that safeguards web applications and APIs against various cyber threats using edge computing and adaptive technologies.
Static code analysis tool for infrastructure as code (IaC) and software composition analysis (SCA) with over 1000 built-in policies for AWS, Azure, and Google Cloud.
APKLeaks is a command-line tool that scans Android APK files to identify URIs, endpoints, and secrets embedded within application code.
An API security solution that provides continuous discovery, classification, and protection of APIs across environments while integrating with existing security infrastructure to prevent attacks and business logic abuse.
Hackazon is a free, vulnerable test site with an online storefront to train and test IT security professionals on various vulnerabilities like SQL Injection and cross-site scripting.
PINNED
Mandos
Fractional CISO service that helps B2B companies implement security leadership to win enterprise deals, achieve compliance, and develop strategic security programs.
Checkmarx SCA
A software composition analysis tool that identifies vulnerabilities, malicious code, and license risks in open source dependencies throughout the software development lifecycle.
Orca Security
A cloud-native application protection platform that provides agentless security monitoring, vulnerability management, and compliance capabilities across multi-cloud environments.
DryRun
A GitHub application that performs automated security code reviews by analyzing contextual security aspects of code changes during pull requests.