
CSP Auditor

Free

This plugin provides a readable view of CSP headers in the Response tab, passive scan rules that detect weak CSP configurations, and a CSP configuration generator driven by the Burp crawler or by manual browsing. The project is packaged as both a ZAP and a Burp plugin. For more context on Content-Security-Policy and how to apply it to your website, see the authors' blog posts on the topic: [Building a Content Security Policy Configuration with CSP Auditor](http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor) and [Auditing CSP Headers with Burp and ZAP](https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/).

FEATURES

ALTERNATIVES

Python-based web server framework for setting up fake web servers and services with precise data responses.

A centralized dashboard for running and scheduling WordPress scans powered by the wpscan utility.

Guidelines for secure coding in Java SE to avoid bugs that could weaken security and open holes in Java's security features.

ffufai is an AI-enhanced wrapper for ffuf that automatically suggests file extensions for web fuzzing based on the target URL and headers.

A tool for dynamic analysis of mobile applications in a controlled environment.

WPRecon is a tool for identifying vulnerabilities and gathering black-box information about WordPress sites.

An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.

Octoscan is a static analysis tool that scans GitHub Actions workflows for security vulnerabilities and misconfigurations.