Difference between revisions of "Test Content Security Policy (OTG-CONFIG-008)"

From OWASP
Jump to: navigation, search
m (Andrew Muller moved page Testing for Content Security Policy weakness to Test Content Security Policy (OTG-CONFIG-008): Align with common number and cross-product correlation initiative)
 
Line 4: Line 4:
 
== Brief Summary ==
 
== Brief Summary ==
 
<br>
 
<br>
..here: we describe in "natural language" what we want to test.
+
Content Security Policy (CSP) is an W3C specification instructs the client browser (using a directive) from which location and/or which type of resources are allowed to be loaded.  
 
<br>
 
<br>
 
== Description of the Issue ==  
 
== Description of the Issue ==  

Latest revision as of 17:39, 20 November 2013

This article is part of the new OWASP Testing Guide v4.
Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents Back to the OWASP Testing Guide Project: https://www.owasp.org/index.php/OWASP_Testing_Project


Brief Summary


Content Security Policy (CSP) is an W3C specification instructs the client browser (using a directive) from which location and/or which type of resources are allowed to be loaded.

Description of the Issue


...here: Short Description of the Issue: Topic and Explanation

Black Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

References

OWASP List of useful HTTP headers

Whitepapers
...
Tools
...