homepage
Open menu

Content Security Policy Bypass: Exploiting Misconfigurations

Content Security Policy (CSP) is designed to help mitigate content injection attacks such as XSS. While it can be helpful as a part of a defense-in-depth strategy, misconfigurations may be bypassed, especially when used as a sole defensive mechanism. Content Security Policy configurations can be...
By
James Casteel
July 15, 2021
Download

All papers are copyrighted. No re-posting of papers is permitted

470x382_Generic_Whitepaper.jpg

Related Content

Blog
Penetration Testing and Red Teaming, Cybersecurity and IT Essentials
Cloud Scanning for Vulnerability Discovery
In this article we'll look at the step-by-step process of scanning a cloud provider's network for target enumeration.
370x370_Joshua-Wright.jpg
Joshua Wright
read more
Blog
Purple Team, Penetration Testing and Red Teaming
Shifting from Penetration Testing to Red Team and Purple Team
Penetration Testing to Red Team is mentality. Red Team is "the practice of looking at a problem or situation from the perspective of an adversary".
370x370_Jorge-Orchilles.jpg
Jorge Orchilles
read more
Blog
Penetration Testing and Red Teaming, Purple Team, Cloud Security
Build, Hack, and Defend Azure Identity - An Introduction to PurpleCloud Hybrid + Identity Cyber Range
PurpleCloud is a Hybrid + Identity Cyber Security Range built for Azure Cloud with automated deployment scripts.
370x370_Jason-Ostrom.jpg
Jason Ostrom
read more