Josh Grossman

icon indicating a website link https://JoshCGrossman.com/

icon location InfoSec Consultant | Sometimes known as TGhostH | Based in Silicon Wadi | Cyber is an adjective | You wanna break it? You'd better know how to fix it!

Results 775 comments of Josh Grossman

discussion: new (clear and separate) requirement for CSP reporting/logging?

Yeah but the hard part here isn't adding a bit of text to the CSP header, it is having the infra to collect the violation logs which is why I...

discussion: new (clear and separate) requirement for CSP reporting/logging?

Yeah but it is a logging thing more than it is a browser header thing

discussion: new (clear and separate) requirement for CSP reporting/logging?

I discussed this with Elar and he made two very good points 1) The report logging mechanism almost certainly will be outside of the application and is therefore technically not...

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

So we now also have: | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- | :---: | :---: | :---: | :---:...

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

@elarlang any idea what the next stage is here

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

haha so now we also have 50.5.4. Reproducing the whole section here: | # | Description | L1 | L2 | L3 | CWE | | :---: | :--- |...

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

@elarlang how many requirements do you think this should be merged down to?

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

@elarlang that all makes sense to me

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

Current v50.6.1: > [MODIFIED, MOVED FROM 12.5.2, MERGED FROM 1.12.2, 14.4.2] Verify that security controls are in place to prevent browsers from rendering content or functionality in HTTP responses in...

proposal: 1.12.2 (50.5.2) move/merge to 12.5.2 (50.5.1)

Ok so let's leave it for now, I updated the Google Sheet