Difference between revisions of "Test Content Security Policy (OTG-CONFIG-008)"

From OWASP
 
(One intermediate revision by one user not shown)
Line 4: Line 4:
 
== Brief Summary ==
 
== Brief Summary ==
 
<br>
 
<br>
..here: we describe in "natural language" what we want to test.
+
Content Security Policy (CSP) is an W3C specification instructs the client browser (using a directive) from which location and/or which type of resources are allowed to be loaded.  
 
<br>
 
<br>
 
== Description of the Issue ==  
 
== Description of the Issue ==  
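Review bot: the sentence added on the "+" line in Brief Summary is ungrammatical. "is an W3C specification instructs" uses the wrong article and is missing a relative pronoun, and "from which location and/or which type of resources" does not parse cleanly. Suggest: "Content Security Policy (CSP) is a W3C specification that instructs the client browser, using directives, which locations and which types of resources may be loaded." The revision also leaves the stray `<br>` lines around the summary in place; they could be dropped in the same edit.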

Latest revision as of 17:39, 20 November 2013

This article is part of the new OWASP Testing Guide v4. 
At the moment the project is in the REVIEW phase.

Back to the OWASP Testing Guide v4 ToC: https://www.owasp.org/index.php/OWASP_Testing_Guide_v4_Table_of_Contents

Back to the OWASP Testing Guide Project: http://www.owasp.org/index.php/OWASP_Testing_Project



Brief Summary


Content Security Policy (CSP) is a W3C specification that instructs the client browser (using a directive) from which locations and/or which types of resources are allowed to be loaded.
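
The summary above, as an added example (not part of the original OWASP page): a small Python evaluator that parses a `Content-Security-Policy` header value and decides, per resource type, whether a URL may be loaded. The sample policy, host names and function names are constructed for illustration, and source matching is simplified (ports and paths in host sources are ignored, and a host source without a scheme matches any scheme).

```python
from urllib.parse import urlsplit

# Fetch directives that fall back to default-src when absent (subset).
FALLBACK = {"script-src", "style-src", "img-src", "font-src",
            "connect-src", "media-src", "object-src", "frame-src"}

def parse_csp(header_value):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header_value.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored: the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def effective_sources(policy, directive):
    """Source list governing `directive`; None means no restriction."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src") if directive in FALLBACK else None

def source_matches(source, url, page_origin):
    """Simplified match: ports and paths in host sources are ignored."""
    u = urlsplit(url)
    src = source.lower()
    if src == "'self'":
        return f"{u.scheme}://{u.netloc}" == page_origin
    if src.startswith("'"):          # 'none', 'unsafe-inline', nonces, hashes
        return False
    if src == "*":
        return u.scheme in ("http", "https")
    if src.endswith(":"):            # scheme source such as https:
        return u.scheme == src[:-1]
    scheme, sep, rest = src.rpartition("://")
    if sep and u.scheme != scheme:
        return False
    host = rest.split("/")[0].split(":")[0]
    if host.startswith("*."):
        return (u.hostname or "").endswith(host[1:])
    return u.hostname == host

def is_allowed(policy, directive, url, page_origin):
    """True if `url` may be loaded for the resource type `directive`."""
    sources = effective_sources(policy, directive)
    return True if sources is None else any(
        source_matches(s, url, page_origin) for s in sources)

# Constructed sample policy, not taken from the page.
SAMPLE = "default-src 'self'; img-src *; script-src 'self' https://cdn.example.com"
```

A resource type with neither its own directive nor a `default-src` is unrestricted, which is the case a tester most often needs to spot when reviewing a deployed policy.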

Description of the Issue


...here: Short Description of the Issue: Topic and Explanation

Black Box testing and example

Testing for Topic X vulnerabilities:
...
Result Expected:
...

References

OWASP List of useful HTTP headers

Whitepapers
...
Tools
...