Jump to content

Locked Bypassing Content Security Policy in Modern Web Applications


Recommended Posts



Content Security Policy (CSP) is the most powerful defensive technology in modern web applications. For hackers, this is an obstacle that blocks their attacks. That’s why hackers are very interested in bypassing Content Security Policy and obviously you don’t want that to happen.

In this course, you’ll learn how your Content Security Policy can be bypassed by hackers. What’s more, you’ll learn how to check if your Content Security Policy is vulnerable to these attacks. First, I’ll show you how hackers can bypass a CSP via ajax(dot)googleapis(dot)com. Next, I’ll present how hackers can bypass a CSP via Flash file. After that, I’ll explain to you what a polyglot file is and how it can be used to bypass a CSP. Finally, I’ll present how hackers can bypass a CSP via AngularJS.

*** For every single attack presented in this course there is a DEMO ***  so that you can see step by step how these attacks work in practice. I hope this sounds good to you and I can’t wait to see you in the class.

    Case #1:  Bypassing CSP via ajax(dot)googleapis(dot)com
    Case #2: Bypassing CSP via Flash File
    Case #3: Bypassing CSP via Polyglot File
    Case #4: Bypassing CSP via AngularJS

Who this course is for:

    Penetration testers, ethical hackers, bug hunters, security engineers / consultants


    Basic hacking skills
    Basic understanding of XSS attacks


This is the hidden content, please

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.