homepage
Open menu
Contact Sales

Content Security Policy Bypass: Exploiting Misconfigurations

Content Security Policy (CSP) is designed to help mitigate content injection attacks such as XSS. While it can be helpful as a part of a defense-in-depth strategy, misconfigurations may be bypassed, especially when used as a sole defensive mechanism. Content Security Policy configurations can be...
By
James Casteel
July 15, 2021
Download

All papers are copyrighted. No re-posting of papers is permitted

470x382_Generic_Whitepaper.jpg

Related Content

Blog
HackFest_blog_image.png
Offensive Operations, Pen Testing, and Red Teaming, Open-Source Intelligence (OSINT), Penetration Testing and Red Teaming
A Visual Summary of SANS HackFest Summit
Check out these graphic recordings created in real-time throughout the event for SANS HackFest Summit 2023
370x370-person-placeholder.png
Alison Kim
read more
Blog
HHC_340x340_v2.jpg
Cybersecurity and IT Essentials, Penetration Testing and Red Teaming
Don’t Miss the 2022 SANS Holiday Hack Challenge – Now Open for Free Play
SANS’s annual festive gift to the cyber community is back with a new supervillain to thwart.
370x370_Ed-Skoudis.jpg
Ed Skoudis
read more
Blog
shutterstock_382594525.jpg
Penetration Testing and Red Teaming
Red Team Tactics: Hiding Windows Services
A little known feature of Windows allows attackers to hide persistent services from view, creating an opportunity to evade threat hunting detection.
370x370_Joshua-Wright.jpg
Joshua Wright
read more