Attention developers and product owners!
Nixu's application security expert Teo Selenius shares his findings and the latest application security topics in his AppSec Monkey blog, written for other developers, technical security experts and anyone who wants to learn about these subjects.
Cross-site scripting (XSS) vulnerabilities are widespread, and the impact of such an attack can be devastating to your business.
It is therefore crucial that developers follow good practices to avoid such vulnerabilities. You can read about how XSS creeps into your code and how to prevent it here: https://appsecmonkey.com/blog/xss.
The good news is that a single browser security control can stop XSS attacks from executing even when your application is vulnerable: the Content Security Policy (CSP), which tells the browser which scripts a page is allowed to run.
Read about CSP with runnable examples for different use cases here: https://appsecmonkey.com/blog/content-security-policy.
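To make the point concrete before following the link, here is a small added example (not code from the AppSec Monkey blog or from Nixu) that models the decision a browser makes under a CSP `script-src` directive: given the policy header and a script, is the script allowed to run? It covers the `'none'`, `'self'`, `'unsafe-inline'`, `'nonce-…'`, scheme and exact-origin source forms only; hashes, host wildcards and `'strict-dynamic'` are left out. The header values, origins and the `build_nonce_policy` helper are all constructed for the example.

```python
"""Toy evaluator for the script-src directive of a Content-Security-Policy header.

Added illustration of how CSP blocks injected scripts; it is not the blog's
code and it implements only a subset of the CSP3 matching rules.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split 'dir a b; dir2 c' into {'dir': ['a', 'b'], 'dir2': ['c']}."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


@dataclass
class Script:
    inline: bool                  # <script>...</script> body or an onclick= handler
    src: Optional[str] = None     # absolute URL of an external script
    nonce: Optional[str] = None   # value of the script's nonce="" attribute


def _origin(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()


def _host_source_matches(source: str, script_url: str) -> bool:
    """Exact scheme+host match for 'https://cdn.example.com' style sources.

    A scheme-less host source ('cdn.example.com') is matched on host only here;
    real browsers also constrain the scheme to that of the page.
    """
    if "://" in source:
        return _origin(source) == _origin(script_url)
    return source.lower() == urlsplit(script_url).netloc.lower()


def script_allowed(header: str, page_origin: str, script: Script) -> bool:
    """Return True if the browser would execute `script` under `header`."""
    policy = parse_csp(header)
    # script-src governs scripts; default-src is the fallback when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True                      # no applicable directive: allowed

    if "'none'" in sources:
        return False

    # A matching nonce allows the script regardless of its origin or inline-ness.
    if script.nonce and f"'nonce-{script.nonce}'" in sources:
        return True

    if script.inline:
        # CSP3: 'unsafe-inline' is ignored once any nonce (or hash) source is
        # present, so an injected inline script without the nonce is blocked.
        has_nonce_source = any(s.startswith("'nonce-") for s in sources)
        return "'unsafe-inline'" in sources and not has_nonce_source

    assert script.src is not None, "external script needs a src URL"
    for source in sources:
        if source == "'self'":
            if _origin(script.src) == page_origin.lower():
                return True
        elif source.endswith(":") and "/" not in source:
            # Scheme source such as 'https:' matches any host on that scheme.
            if urlsplit(script.src).scheme.lower() == source[:-1].lower():
                return True
        elif not source.startswith("'"):
            if _host_source_matches(source, script.src):
                return True
    return False


def build_nonce_policy(nonce: str) -> str:
    """Produce a nonce-based policy; a fresh nonce must be minted per response."""
    return f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; object-src 'none'"


if __name__ == "__main__":
    nonce = secrets.token_urlsafe(16)          # one nonce per HTTP response
    header = build_nonce_policy(nonce)
    page = "https://shop.example"
    injected = Script(inline=True)             # what an XSS payload looks like to CSP
    legit = Script(inline=True, nonce=nonce)   # server-rendered script carrying the nonce
    print(header)
    print("injected inline script runs:", script_allowed(header, page, injected))
    print("nonced inline script runs:  ", script_allowed(header, page, legit))
```

The decisive lines are the inline branch: with a nonce-based policy, an inline script that the attacker injected cannot carry the per-response nonce, so the browser refuses to run it even though the page itself is still vulnerable to injection.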