This plugin provides a readable view of CSP headers in the Response tab, passive scan rules to detect weak CSP configurations, and a CSP configuration generator based on the Burp crawler or manual browsing. The project is packaged as both a ZAP and a Burp plugin. For more context on Content-Security-Policy and how to apply it to your website, see the authors' blog posts on the topic: [Building a Content Security Policy Configuration with CSP Auditor](http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor) and [Auditing CSP Headers with Burp and ZAP](https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/).
Snyk Code is a real-time SAST tool that provides secure code analysis and actionable remediation advice to prevent code delays and ensure secure development.
JAADAS is a powerful tool for static analysis of Android applications, providing features like API misuse analysis and inter-procedure dataflow analysis.
IronBee is an open source project building a universal web application security sensor.
App-Ray offers comprehensive security analysis and compliance solutions for mobile applications.
Aqua Security is a CNAPP that provides comprehensive security for cloud native applications across their entire lifecycle, from development to production, in various cloud and container environments.
Automated framework for monitoring and tampering system API calls of native macOS, iOS, and Android apps.