The otto interface, ottoBox, has been designed to make testing, monitoring, alerts, and mitigation easy and intuitive to manage and get you back to building & releasing cool stuff faster.
Here are the three most important things to get started reviewing and managing your 3rd-party risks and vulnerabilities.
otto-js's dynamic CSP Designer allows you to easily build, test and manage your Content Security Policy.
1. By default, you will start with very restricted CSP, deployed only in test mode. Test mode only effects your browser and not end users.
2. Click the "Test on Site" button to open your site in a new window to see how the CSP impacts your site.
You can open the browser console to see the violations generated by the policy.
3. The violations will also feed back into ottoBox's CSP Designer to assist you in creating the final CSP. Review each violation and click the "add" button for the scripts you want to approve and the "ignore" button for the ones you don't.CSP Designer will automatically creating correct directives to update your policy.
4. Save you policy, and once you are satisfied with your policy, click save and deploy. Note: CSP Designer versions your policies so you can view or roll back to a previous policy at any time.
5. Click "Deploy" to approve the CSP.
6. The final step is to enable your CSP by moving the pill from "Disabled" to "Enabled".
7. Now you have a production ready CSP live, you may get new violations in the Incident Dashboard you need to take action on. You should review each one if you want to add the script to your policy, click the "Edit CSP" button to return to the CSP designer to update add or ignore this script to your policy. If you make changes, repeat steps 4-6.
If you need any assistance or have any questions, please let us know. We're always here to help at support@otto-js.com.