homepage
Open menu
Contact Sales

Content Security Policy Bypass: Exploiting Misconfigurations

Content Security Policy (CSP) is designed to help mitigate content injection attacks such as XSS. While it can be helpful as a part of a defense-in-depth strategy, misconfigurations may be bypassed, especially when used as a sole defensive mechanism. Content Security Policy configurations can be...
By
James Casteel
July 15, 2021
Download

All papers are copyrighted. No re-posting of papers is permitted

470x382_Generic_Whitepaper.jpg

Related Content

Blog
HHC_340x340_v2.jpg
Cybersecurity and IT Essentials, Penetration Testing and Red Teaming
Don’t Miss the 2022 SANS Holiday Hack Challenge – Now Open for Free Play
SANS’s annual festive gift to the cyber community is back with a new supervillain to thwart.
370x370_Ed-Skoudis.jpg
Ed Skoudis
read more
Blog
HackFest_Blog.png
Offensive Operations, Penetration Testing and Red Teaming
A Visual Summary of SANS Pen Test HackFest Summit 2022
On November 14-15, attendees joined us in Arlington, VA or tuned in Live Online for the SANS Pen Test HackFest Summit! We invited Ashton Rodenhiser of Mind's Eye Creative to create graphic recordings of our Summit presentations. If you missed a talk or are looking to view the Summit through a...
370x370-person-placeholder.png
Alison Kim
read more
Blog
shutterstock_382594525.jpg
Penetration Testing and Red Teaming
Red Team Tactics: Hiding Windows Services
A little known feature of Windows allows attackers to hide persistent services from view, creating an opportunity to evade threat hunting detection.
370x370_Joshua-Wright.jpg
Joshua Wright
read more