From e0b36f96826f98d9374fbc9e5ca518db423cd39e Mon Sep 17 00:00:00 2001 From: Boik Date: Wed, 1 Aug 2018 17:41:36 +0800 Subject: [PATCH] add articles --- README-jp.md | 4 +++- README-zh.md | 4 +++- README.md | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/README-jp.md b/README-jp.md index 2847f83..8955dc2 100644 --- a/README-jp.md +++ b/README-jp.md @@ -252,6 +252,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/). - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/). - [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/). +- [GitHub's CSP journey](https://githubengineering.com/githubs-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). +- [GitHub's post-CSP journey](https://githubengineering.com/githubs-post-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). ### WAF @@ -362,7 +364,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Browser Exploitation -### Frontend (like CSP bypass, URL spoofing, and something like that) +### Frontend (like SOP bypass, URL spoofing, and something like that) - [JSON hijacking for the modern web](http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html) - Written by [portswigger](https://portswigger.net/). - [IE11 Information disclosure - local file detection](https://www.facebook.com/ExploitWareLabs/photos/a.361854183878462.84544.338832389513975/1378579648872572/?type=3&theater) - Written by James Lee. diff --git a/README-zh.md b/README-zh.md index 9baba26..d610b9d 100644 --- a/README-zh.md +++ b/README-zh.md 
@@ -273,6 +273,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/). - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/). - [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/). +- [GitHub's CSP journey](https://githubengineering.com/githubs-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). +- [GitHub's post-CSP journey](https://githubengineering.com/githubs-post-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). ### WAF @@ -392,7 +394,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Browser Exploitation -### Frontend (like CSP bypass, URL spoofing, and something like that) +### Frontend (like SOP bypass, URL spoofing, and something like that) - [浏览器漏洞挖掘思路](https://zhuanlan.zhihu.com/p/28719766) - Written by [Twosecurity](https://twosecurity.io/). - [Browser UI Security 技术白皮书](http://xlab.tencent.com/cn/wp-content/uploads/2017/10/browser-ui-security-whitepaper.pdf) - Written by [腾讯玄武实验室](http://xlab.tencent.com/). diff --git a/README.md b/README.md index 20e288d..055a4db 100644 --- a/README.md +++ b/README.md 
@@ -249,6 +249,8 @@ If you enjoy this awesome list and would like to support it, check out my [Patre - [TWITTER XSS + CSP BYPASS](http://www.paulosyibelo.com/2017/05/twitter-xss-csp-bypass.html) - Written by [Paulos Yibelo](http://www.paulosyibelo.com/). - [Neatly bypassing CSP](https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa) - Written by [Wallarm](https://wallarm.com/). - [Evading CSP with DOM-based dangling markup](https://portswigger.net/blog/evading-csp-with-dom-based-dangling-markup) - Written by [portswigger](https://portswigger.net/). +- [GitHub's CSP journey](https://githubengineering.com/githubs-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). +- [GitHub's post-CSP journey](https://githubengineering.com/githubs-post-csp-journey/) - Written by [@ptoomey3](https://github.com/ptoomey3). ### WAF @@ -358,7 +360,7 @@ If you enjoy this awesome list and would like to support it, check out my [Patre ## Browser Exploitation -### Frontend (like CSP bypass, URL spoofing, and something like that) +### Frontend (like SOP bypass, URL spoofing, and something like that) - [JSON hijacking for the modern web](http://blog.portswigger.net/2016/11/json-hijacking-for-modern-web.html) - Written by [portswigger](https://portswigger.net/). - [IE11 Information disclosure - local file detection](https://www.facebook.com/ExploitWareLabs/photos/a.361854183878462.84544.338832389513975/1378579648872572/?type=3&theater) - Written by James Lee.
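Review bot: In the CSP list hunks (`@@ -252,6 +252,8 @@` in README-jp.md, `@@ -273,6 +273,8 @@` in README-zh.md, `@@ -249,6 +249,8 @@` in README.md), the two added entries credit the author by GitHub handle, `[@ptoomey3](https://github.com/ptoomey3)`, while the neighbouring entries credit a name or organisation linked to its own site (Paulos Yibelo, Wallarm, portswigger). Pick one attribution style for the list. Also, the three neighbouring entries visible in the context are all CSP bypass write-ups, whereas the new titles ("GitHub's CSP journey", "GitHub's post-CSP journey") read as deployment write-ups; confirm this list is the right home for them, or place them under a section for defensive CSP material if the README has one.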
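Review bot: The heading rename in the Browser Exploitation hunks, from `### Frontend (like CSP bypass, URL spoofing, and something like that)` to `### Frontend (like SOP bypass, ...)`, is not covered by the subject "add articles" and changes the anchor that Markdown renderers derive from the heading text. The diffstat (3 insertions, 1 deletion per file) is fully accounted for by the two new list entries plus this one heading line, so no table-of-contents or cross-reference line was updated in any of the three READMEs. If a link to the old heading anchor exists, update it in the same commit, and either mention the rename in the commit message or split it into its own commit so the history shows why the category changed.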