Chrome Extension that helps with Security Testing: CSP Evaluator
CSP Evaluator is a tool provided by Google that will help us evaluate and test Content Security Policy (CSP) headers on a website.
CSP is a security feature implemented by web applications to mitigate various types of attacks, such as cross-site scripting (XSS)* and data injection attacks. CSP allows web developers to specify which sources of content are trusted and which are not, helping to prevent malicious code execution.
Scope: CSP Evaluator assists web developers in assessing the effectiveness of their CSP policies. It works by analyzing the CSP headers of a web page and provides feedback on their configuration.
It can help identify potential security vulnerabilities and misconfigurations, and suggest improvements to enhance the security posture of a web application.
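The kind of header analysis described above, as an added example (this is not CSP Evaluator's own code or rule set): a small checker that parses a policy string and reports a few widely documented weaknesses. The function names `parseCsp` and `evaluateCsp` and both sample policies are constructed for illustration.

```javascript
// Added example: minimal CSP policy checker (hypothetical helper names).
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // When a directive is repeated, browsers honour only the first one.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function evaluateCsp(header) {
  const d = parseCsp(header);
  const findings = [];
  // script-src falls back to default-src when it is absent.
  const script = d.get('script-src') ?? d.get('default-src');
  if (!script) {
    findings.push('script-src: missing and no default-src fallback');
  } else {
    const src = script.map((s) => s.toLowerCase());
    // A nonce or hash makes modern browsers ignore 'unsafe-inline'.
    const strict = src.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    if (src.includes("'unsafe-inline'") && !strict)
      findings.push("script-src: 'unsafe-inline' permits injected inline scripts");
    if (src.includes("'unsafe-eval'"))
      findings.push("script-src: 'unsafe-eval' permits eval()-style execution");
    for (const s of src)
      if (s === '*' || /^(https?|data):$/.test(s))
        findings.push(`script-src: ${s} trusts an overly broad set of sources`);
  }
  // object-src also falls back to default-src; base-uri does not.
  const object = d.get('object-src') ?? d.get('default-src') ?? [];
  if (!object.some((s) => s.toLowerCase() === "'none'"))
    findings.push("object-src: not restricted to 'none'");
  if (!d.has('base-uri'))
    findings.push('base-uri: missing (no default-src fallback)');
  return findings;
}

// Constructed sample policies, not taken from any real site.
const WEAK_POLICY =
  "default-src 'self'; script-src 'self' 'unsafe-inline' https: ; img-src *";
const STRICT_POLICY =
  "script-src 'nonce-r4nd0m' 'strict-dynamic'; object-src 'none'; base-uri 'none'";

for (const p of [WEAK_POLICY, STRICT_POLICY])
  console.log(p, '->', evaluateCsp(p));
```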
XSS (cross-site scripting):
A type of security vulnerability that occurs in web applications when untrusted data from a user is included in a web page without proper validation or escaping. This allows an attacker to inject malicious code, typically JavaScript, into a web page that is then executed by other users who view that page. XSS attacks can have various harmful consequences
