CSP Auditor

Free

This plugin provides a readable view of CSP headers in the Response tab, passive scan rules to detect weak CSP configurations, and a CSP configuration generator based on the Burp crawler or manual browsing. The project is packaged as both a ZAP and a Burp plugin. For more context on Content-Security-Policy and how to apply it to your website, see the project's blog posts on the topic: [Building a Content Security Policy Configuration with CSP Auditor](http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor) and [Auditing CSP Headers with Burp and ZAP](https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/).

ALTERNATIVES

A security-focused general purpose memory allocator providing the malloc API with hardening against heap corruption vulnerabilities.

Real-time, eBPF-based Security Observability and Runtime Enforcement component

A web application security testing platform that helps you test your knowledge on web application security through realistic scenarios with known vulnerabilities.

A security analysis platform that combines SAST, SCA, SBOM generation and AI-assisted remediation to detect and fix vulnerabilities during the software development lifecycle.

An application security testing platform that combines automated scanning, AI assistance, and manual expert testing to provide continuous security assessment throughout the software development lifecycle.

A tool to scan for CORS misconfigurations in web applications

A free book providing design and implementation guidelines for writing secure programs in various languages.

An API security and monitoring platform that automatically discovers, validates, and protects API endpoints while providing comprehensive management and analytics capabilities.