From b54047978d1f33735bb9d71da98ab14058ba177c Mon Sep 17 00:00:00 2001 From: Shai Alon Date: Tue, 16 Feb 2021 20:32:56 +0200 Subject: [PATCH 1/5] CSP bypasses --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index d5e072b..1ce4ff7 100644 --- a/README.md +++ b/README.md @@ -377,6 +377,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/). - [GitHub's CSP journey](https://githubengineering.com/githubs-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). - [GitHub's post-CSP journey](https://githubengineering.com/githubs-post-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). +- [CSP bypasses, and how developers can build a strict CSP!](https://rapidsec.com/docs/csp-bypasses) - Written by [@shaialon](https://github.com/shaialon). + ### WAF From 7eb1e469e5d6d7050e2302334f8b6c982d17c041 Mon Sep 17 00:00:00 2001 From: Shai Alon Date: Tue, 16 Feb 2021 20:38:28 +0200 Subject: [PATCH 2/5] CSP scanner extension --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 1ce4ff7..a7fd454 100644 --- a/README.md +++ b/README.md 
@@ -592,6 +592,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [prowler](https://github.com/Alfresco/prowler) - Tool for AWS security assessment, auditing and hardening by [@Alfresco](https://github.com/Alfresco). - [slurp](https://github.com/hehnope/slurp) - Evaluate the security of S3 buckets by [@hehnope](https://github.com/hehnope). - [A2SV](https://github.com/hahwul/a2sv) - Auto Scanning to SSL Vulnerability by [@hahwul](https://github.com/hahwul). +- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) and get suggestion improvements by [@shaialon](https://github.com/shaialon). ### Command Injection From db7ec3d17c37c8caa98aae9af5db6cb8d2f1e069 Mon Sep 17 00:00:00 2001 From: Shai Alon Date: Tue, 16 Feb 2021 20:40:06 +0200 Subject: [PATCH 3/5] cleanup --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a7fd454..7d2ad21 100644 --- a/README.md +++ b/README.md 
@@ -592,7 +592,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [prowler](https://github.com/Alfresco/prowler) - Tool for AWS security assessment, auditing and hardening by [@Alfresco](https://github.com/Alfresco). - [slurp](https://github.com/hehnope/slurp) - Evaluate the security of S3 buckets by [@hehnope](https://github.com/hehnope). - [A2SV](https://github.com/hahwul/a2sv) - Auto Scanning to SSL Vulnerability by [@hahwul](https://github.com/hahwul). -- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) and get suggestion improvements by [@shaialon](https://github.com/shaialon). +- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) by [@shaialon](https://github.com/shaialon). ### Command Injection From bddd1a681d45018322a91e5263fb333342cb6a2b Mon Sep 17 00:00:00 2001 From: Shai Alon Date: Tue, 16 Feb 2021 20:52:12 +0200 Subject: [PATCH 4/5] Cool CSP stuff --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 7d2ad21..f8215ca 100644 --- a/README.md +++ b/README.md 
@@ -742,6 +742,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [js-xss](https://github.com/leizongmin/js-xss) - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist by [@leizongmin](https://github.com/leizongmin). - [Acra](https://github.com/cossacklabs/acra) - Client-side encryption engine for SQL databases, with strong selective encryption, SQL injections prevention and intrusion detection by [@cossacklabs](https://www.cossacklabs.com/). - [Csper](https://csper.io) - A set of tools for building/evaluating/monitoring content-security-policy to prevent/detect cross site scripting by [Csper](https://csper.io). +- [RapidSec](https://rapidsec.com/) - Generate a strong Content-Security-Policy (CSP) and monitor it's logs for free by [RapidSec](https://rapidsec.com/). ### Proxy From f1a47cae23b3a09221ea053a7e9541e2076f6d0a Mon Sep 17 00:00:00 2001 From: Shai Alon Date: Tue, 16 Feb 2021 20:53:37 +0200 Subject: [PATCH 5/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f8215ca..7a601c7 100644 --- a/README.md +++ b/README.md 
@@ -592,7 +592,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [prowler](https://github.com/Alfresco/prowler) - Tool for AWS security assessment, auditing and hardening by [@Alfresco](https://github.com/Alfresco). - [slurp](https://github.com/hehnope/slurp) - Evaluate the security of S3 buckets by [@hehnope](https://github.com/hehnope). - [A2SV](https://github.com/hahwul/a2sv) - Auto Scanning to SSL Vulnerability by [@hahwul](https://github.com/hahwul). -- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) by [@shaialon](https://github.com/shaialon). +- [CSP Scanner Extension](https://chrome.google.com/webstore/detail/csp-scanner-test-analyze/eoiiiomeoogcpnkdedcodoeaacpdfmdj) - Chrome extention to analyze a site's Content-Security-Policy (CSP) by [CSP Scanner](https://cspscanner.com/). ### Command Injection
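Review bot: In PATCH 1/5 (hunk at README.md line 377), the second added line is an empty `+` line placed right before `### WAF`, which leaves two blank lines between the list and the heading where the surrounding sections use one; drop the extra empty line so the spacing matches the rest of the file. The new entry itself follows the section's `- [title](url) - Written by [@handle](profile).` convention, so it needs no change.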
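Review bot: In PATCH 2/5 (hunk at README.md line 592), the added description misspells "extension" as "extention" and the phrase "get suggestion improvements" is ungrammatical; suggest "Chrome extension to analyze a site's Content-Security-Policy (CSP) and get suggested improvements". Also worth checking placement: the neighbouring entries (prowler, slurp, A2SV) are AWS, S3 and SSL assessment tools, while the CSP-related tooling lives next to Csper in the hunk at line 742 that PATCH 4/5 edits; the extension would likely be easier to find alongside the other CSP tools.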
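Review bot: PATCH 3/5 ("cleanup") shortens the description but carries the "extention" typo over unchanged in the `+` line; since this commit already rewrites the line, it is the natural place to correct it to "extension".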
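Review bot: In PATCH 4/5 (hunk at README.md line 742), "monitor it's logs" should be "monitor its logs" (possessive, no apostrophe). The attribution form `by [RapidSec](https://rapidsec.com/)` matches the adjacent Csper entry, so the entry is otherwise consistent with the section.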
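Review bot: PATCH 5/5 is the third commit in this series to rewrite the same README.md line (the CSP Scanner Extension entry, also touched in PATCH 2/5 and 3/5), and the final `+` line still reads "Chrome extention"; please fix the spelling here, since this is the last version of the line, and consider squashing PATCH 2/5, 3/5 and 5/5 into one commit so the history records a single addition of the entry rather than three edits of one line. The attribution change from `[@shaialon]` to `[CSP Scanner](https://cspscanner.com/)` is fine as long as the linked site is the extension's actual home, which the reviewer should confirm before merging.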