csp-toolkit
A Python library and CLI for parsing, analyzing, and finding bypasses in Content Security Policy headers. It runs 21 weakness checks, scores policies A+ to F, and cross-references whitelisted domains against a database of 79 known-exploitable JSONP endpoints, CDN gadgets, and arbitrary hosting domains.
Features: batch scanning, subdomain variance detection, nonce reuse detection, header injection testing, violation report analysis with fix suggestions, stacked CSP intersection, monitoring with change alerts, CSP generation, Nuclei templates, and a Chrome extension.
pip install csp-toolkit
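To illustrate the kind of analysis the toolkit performs, the following is an added, self-contained example (not csp-toolkit's own code or API): it parses a Content-Security-Policy header into directives, runs a handful of the classic weakness checks (missing script-src fallback, 'unsafe-inline' without a nonce or hash, 'unsafe-eval', 'strict-dynamic' without a nonce, overly broad or wildcard-subdomain sources, unrestricted object-src, missing base-uri), assigns a letter grade, and detects nonces reused across responses. The letter-grade thresholds and the sample headers are constructed for the example and are not the project's scoring scheme.

```python
"""Minimal CSP header analyzer (illustrative example, not csp-toolkit's code)."""
import re
from collections import Counter

NONCE_RE = re.compile(r"^'nonce-([A-Za-z0-9+/=_-]+)'$")
HASH_PREFIXES = ("'sha256-", "'sha384-", "'sha512-")
# Source expressions that let any origin (or any inline data URL) supply scripts.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}


def parse_csp(header):
    """Parse a CSP header into {directive: [source expressions]}.

    A directive that appears twice is taken from its first occurrence only,
    matching browser behaviour (later duplicates are ignored).
    """
    policy = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if not tokens:
            continue
        policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_script_sources(policy):
    """script-src falls back to default-src when absent; None if neither is set."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def check_policy(policy):
    """Return a list of human-readable weaknesses found in the parsed policy."""
    sources = effective_script_sources(policy)
    if sources is None:
        return ["no script-src or default-src: inline and remote scripts are unrestricted"]
    findings = []
    has_nonce_or_hash = any(NONCE_RE.match(s) or s.startswith(HASH_PREFIXES) for s in sources)
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append("'unsafe-inline' in script-src without a nonce or hash: injected inline script runs")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval' in script-src: eval()/new Function() on untrusted data is allowed")
    if "'strict-dynamic'" in sources and not has_nonce_or_hash:
        findings.append("'strict-dynamic' without a nonce or hash: the keyword has no effect")
    for s in sources:
        if s in BROAD_SOURCES:
            findings.append(f"overly broad script source {s}")
        elif s.startswith("*.") or "://*." in s:
            findings.append(f"wildcard subdomain script source {s}: any subdomain can serve scripts")
    if "object-src" not in policy and "default-src" not in policy:
        findings.append("object-src unrestricted: plugin content via <object>/<embed> is allowed")
    if "base-uri" not in policy:
        findings.append("base-uri missing: an injected <base> tag can redirect relative script URLs")
    return findings


def grade(findings):
    """Hypothetical A-F scale: one letter per finding, F at four or more."""
    return "ABCDF"[min(len(findings), 4)]


def reused_nonces(headers):
    """Return nonce values seen in more than one response.

    A nonce reused across responses is predictable and therefore useless; the
    nonce is counted once per header so that script-src and style-src sharing a
    nonce within one response is not flagged.
    """
    counts = Counter()
    for header in headers:
        seen = set()
        for sources in parse_csp(header).values():
            for s in sources:
                m = NONCE_RE.match(s)
                if m:
                    seen.add(m.group(1))
        counts.update(seen)
    return {nonce for nonce, n in counts.items() if n > 1}


if __name__ == "__main__":
    # Constructed sample header: a typical "looks fine but is not" policy.
    weak = "default-src 'self'; script-src 'self' 'unsafe-inline' https: cdn.example.com; base-uri 'none'"
    found = check_policy(parse_csp(weak))
    print(grade(found), found)
    # Constructed responses: the same nonce appears in two of them.
    print(reused_nonces([
        "script-src 'nonce-abc123'", "script-src 'nonce-abc123'", "script-src 'nonce-zzz999'",
    ]))
```

Usage: `check_policy(parse_csp(header))` returns the findings, and `reused_nonces(list_of_headers)` is the cross-response nonce check; both operate on strings, so they can be fed from any HTTP client or from saved responses.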
appsec.fyi
A curated collection of 2,000+ application security resources organized by vulnerability class and topic. Covers IDOR, XSS, SQL injection, XXE, SSRF, CSRF, RCE, AI security, OSINT, bug bounty, reconnaissance, fuzzing, Burp Suite, GraphQL, and more.
Built as the quick-reference I wanted during security assessments – every resource is hand-picked based on actual use rather than search rankings.
OWASP Indianapolis Chapter
Founded the OWASP Indianapolis Chapter in 2005. The chapter hosts regular meetings on application security topics for the Indianapolis security community.