Locking Down Your Website Scripts with CSP, Hashes, Nonces and Report URI
Troy Hunt
NOVEMBER 14, 2017
I run a workshop titled Hack Yourself First in which people usually responsible for building web apps get to try their hand at breaking them. In that module, we cover reflected XSS, which relies on the premise of untrusted data in the request being reflected back in the response. Also, no script blocks.