CSP and Bypasses

This blog post aims to demonstrate what CSP is and why CSP is implemented. And how attackers can bypass CSP. In this article, I will include how you can bypass some directives to achieve XSS on the target application.

A pen tester's guide to Content Security Policy - Outpost24

VolgaCTF 2018 - Neatly bypassing CSP

Using Content Security Policy (CSP) to Secure Web Applications

Bypassing CSP with JSONP Endpoints - Hurricane Labs

CSP and Bypasses

How to use Google's CSP Evaluator to bypass CSP - Web Security Blog

Oil Cooler Bypass :: Custom & Speed Parts (CSP)

CSP Bypass via old jQuery - Thanks parseHTML!

Ben Hayak on X: Another #someattack Strike! Same Origin Method Execution JSONP chain allows hackers to bypass CSP and gain Remote Code Execution. From HTML Injection (restricted by CSP) to XSS and

How to perform CSP Bypass, techniques.