Udemy
    •  
    •  
    •  
    •  
    •  
    •  
    •  
    •  
Turn what you know into an opportunity and reach millions around the world.
Learn More
Your cart is empty.
Keep shopping
Bypassing Content Security Policy in Modern Web Applications
Rating: 4.8 out of 5(14 ratings)
124 students

Bypassing Content Security Policy in Modern Web Applications

Learn How Hackers Can Bypass the Most Powerful Defensive Technology in Modern Web Applications
Created byDawid Czagan
Last updated 5/2023
English

What you'll learn

  • Discover how hackers can bypass a CSP via ajax(dot)googleapis(dot)com
  • Explore how hackers can bypass a CSP via Flash file
  • Learn how hackers can bypass a CSP via polyglot file
  • Discover how hackers can bypass a CSP via AngularJS
  • Learn step by step how all these attacks work in practice (DEMOS)
  • Check if your Content Security Policy is vulnerable to these attacks
  • Become a successful penetration tester / ethical hacker
  • Learn from one of the top hackers at HackerOne

Course content

5 sections5 lectures1h 4m total length
  • Introduction1:47

Requirements

  • Basic hacking skills
  • Basic understanding of XSS attacks

Description

Content Security Policy (CSP) is the most powerful defensive technology in modern web applications. For hackers, this is an obstacle that blocks their attacks. That’s why hackers are very interested in bypassing Content Security Policy and obviously you don’t want that to happen.

In this course, you’ll learn how your Content Security Policy can be bypassed by hackers. What’s more, you’ll learn how to check if your Content Security Policy is vulnerable to these attacks. First, I’ll show you how hackers can bypass a CSP via ajax(dot)googleapis(dot)com. Next, I’ll present how hackers can bypass a CSP via Flash file. After that, I’ll explain to you what a polyglot file is and how it can be used to bypass a CSP. Finally, I’ll present how hackers can bypass a CSP via AngularJS.
-----------------------------------------------

*** For every single attack presented in this course there is a DEMO ***  so that you can see step by step how these attacks work in practice. I hope this sounds good to you and I can’t wait to see you in the class.
-----------------------------------------------

  • Case #1:  Bypassing CSP via ajax(dot)googleapis(dot)com

  • Case #2: Bypassing CSP via Flash File

  • Case #3: Bypassing CSP via Polyglot File

  • Case #4: Bypassing CSP via AngularJS

Who this course is for:

  • Penetration testers, ethical hackers, bug hunters, security engineers / consultants