Has anyone detected XSS where CSP reports were what first made you notice the bug? Not me. One missed opportunity, but the tweet went viral.
Replying to @arturjanc
I agree but my point was that reporting is for hardening policies, not detecting attacks.
Replying to @ndm
With reporting (and script-sample) you will see offending markup and can filter common pentesting payloads. Detection is iffy b/c noise
Replying to @arturjanc @ndm
But sometimes it's helpful to see when a bug was first found.
Replying to @arturjanc @ndm
I agree though that it's a totally incidental behavior and almost all the utility is in reporting during deployment.
2:03 PM - 17 Oct 2017