Today I Learned: Bypassing Content Security Policy (CSP) via ajax.googleapis.com
Content Security Policy (CSP) is the number one defensive technology in modern web applications. Many developers add ajax.googleapis.com to CSP definitions because they use libraries from this very popular Content Delivery Network (CDN) in their web applications. The problem is that it completely bypasses the CSP and obviously you don’t want that to happen.
In a free video, Dawid Czagan (SINCON's Training Instructor) will show you step-by-step how your CSP can be bypassed by hackers.
Watch this free video and feel the taste of Dawid Czagan’s Live Online Training ”Black Belt Pentesting / Bug Hunting Millionaire: Mastering Web Attacks with Full-Stack Exploitation” (the next run will be held on 27-28 Oct 2020). For more information, please visit https://www.infosec-city.com/sin20-t-black-belt-pentest-bug-hunt.