OWASP Secure Headers Project: We have refactored the section on the browser's "Local Network Access" feature.
#appsec #appsecurity #owasp_shp
owasp.org/www-project-...
OWASP Secure Headers Project: The OWASP Foundation has decided to migrate its content to a new CMS. As a result, OSHP content is frozen for the duration of the migration. You can find more information and explanations in the discussion below.
github.com/OWASP/www-pr...
#owasp_shp
OWASP Secure Headers Project: We have added information and examples regarding the Trusted Types feature of the Content-Security-Policy header.
owasp.org/www-project-...
#appsec #appsecurity #owasp_shp
Therefore, if you know of or find an HTTP response header that we have missed, please feel free to share this information with us via a "Feature Request" issue:
github.com/OWASP/www-pr...
#appsec #appsecurity #owasp_shp #http #headers
owasp.org/www-project-...
OWASP Secure Headers Project:
Over the years, we have compiled a collection of HTTP response headers that disclose technical information. We are continuing our research to find new ones on our own, but we have decided to ask our community for help in finding new ones.
#appsec #owasp_shp
OWASP Secure Headers Project:
- We added information about the HTTP response header "X-DNS-Prefetch-Control".
- We added the tool "shcheck" to the list of analysis tools.
#appsec #appsecurity #owasp_shp
OWASP Secure Headers Project: We added information about the response header "X-DNS-Prefetch-Control" based on technical tests we performed.
#appsec #appsecurity #owasp_shp
owasp.org/www-project-...
OWASP Secure Headers Project: We've reworked the section providing code snippets for configuring different web/application servers to leverage "LLM as a Service" providers.
#appsec #appsecurity #owasp_shp
owasp.org/www-project-...
OWASP Secure Headers Project: Update.
1) We've added a warning about support for the "Private Network Access" request header, as Google has suspended work on this.
2) We've started work on the "Reporting-Endpoints" response header.
#appsec #appsecurity #owasp_shp
OWASP Secure Headers Project: Spring updates n°1.
1) Several updates were made to the content.
2) A redirection from previous links was implemented.
#appsec #appsecurity #owasp_shp
owasp.org/www-project-...
Related pull requests:
- github.com/OWASP/www-pr...
- github.com/OWASP/owasp....
OWASP Secure Headers Project: We've redesigned the way statistics are generated and presented. They are now integrated into the main site.
#appsec #appsecurity #owasp_shp
owasp.org/www-project-...
OWASP Secure Headers Project: Section about Content-Security-Policy bypasses prevention updated with information related to the "base-uri" directive.
#appsec #appsecurity #owasp_shp #csp
owasp.org/www-project-...