00 — Overview
Content Security Policy and CSP Bypass
CSP is the browser's XSS firewall. Learn how it works, why it gets misconfigured, and how attackers bypass it through JSONP, open redirects, and trusted CDNs.
Advanced · 50 min · 7 tasks
// By the end of this module
→ Read and interpret a Content-Security-Policy header
→ Identify common CSP misconfigurations that allow script execution
→ Bypass CSP using JSONP endpoints, unsafe-inline, and script gadgets
→ Understand why CSP is a mitigation, not a silver bullet
// Prerequisites
