CSP Auditor

Free
This plugin provides a readable view of CSP headers in the Response tab, passive scan rules to detect weak CSP configurations, and a CSP configuration generator based on the Burp crawler or manual browsing. The project is packaged as both a ZAP and a Burp plugin. For more context on Content-Security-Policy and how to apply it to your website, see the project's blog posts on the topic: [Building a Content Security Policy Configuration with CSP Auditor](http://gosecure.net/2017/07/20/building-a-content-security-policy-configuration-with-csp-auditor) and [Auditing CSP Headers with Burp and ZAP](https://gosecure.net/2016/06/28/auditing-csp-headers-with-burp-and-zap/).

ALTERNATIVES

Emulates browser functionality to detect exploits targeting browser vulnerabilities.

Embeddable Yara library for Java with support for loading rules and scanning data.

A tool that uses Apache mod_rewrite to redirect invalid URIs to a specified URL.

This article discusses the different types of remote timing attacks and provides defense strategies against them.

A deliberately vulnerable modern-day app with lots of DOM-related bugs.

Deliberately vulnerable web application for educational purposes.

An AI-powered application security platform that provides automated discovery, testing, and continuous monitoring of applications and APIs with minimal operational impact.

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.