News & Articles

Our articles and guides on how to protect your startup from cybercriminals

Read about all the security issues that we find during our automated security reviews, and how to solve them.

Latest Articles

CSP: Meta Policy Invalid Directive

Content Security Policy (CSP) is a browser security mechanism that helps protect against attacks such as cross-site scripting (XSS) and data injection. The 'CSP: Meta Policy Invalid Directive' issue occurs when a policy delivered through a <meta http-equiv="Content-Security-Policy"> tag contains a directive the browser does not recognise, or one the browser does not honour in a meta policy (frame-ancestors, report-uri and sandbox only take effect in the HTTP header). The browser silently ignores such directives, so the protection the author intended is missing without any visible error.

Vulnerabilities

CSP: script-src unsafe-eval

CSP allows website administrators to control the resources that a browser may load and execute for a page, which is designed to protect websites from code injection attacks. The 'CSP: script-src unsafe-eval' issue is a weak policy rather than a CSP violation: it occurs when the script-src directive (or default-src, which script-src falls back to) includes the 'unsafe-eval' keyword. That keyword permits eval(), new Function() and string arguments to setTimeout() and setInterval() to run strings as code, so any attacker-controlled string that reaches one of those sinks becomes executable JavaScript, and the policy no longer blocks that class of injection.

Vulnerabilities

CSP: Malformed Policy (Non-ASCII)

CSP is an important security mechanism that helps prevent web-based attacks by defining rules for which resources a browser may load and execute, and from where. The 'CSP: Malformed Policy (Non-ASCII)' issue is reported when the policy string contains characters outside the ASCII range, for example a curly quote pasted from a document or a look-alike letter in a directive name. HTTP header values and CSP directive names are expected to be ASCII, and a browser cannot match the affected token against any directive or source expression, so that part of the policy (and the protection it was meant to provide) is silently ignored.

Vulnerabilities

CSP: style-src unsafe-hashes

CSP is a powerful feature that helps prevent attacks such as cross-site scripting (XSS) and code injection. The 'CSP: style-src unsafe-hashes' issue means the style-src directive carries the 'unsafe-hashes' keyword, which lets an inline style attribute whose content matches one of the listed hashes be applied on any element in the page. It does not open the policy to arbitrary inline styles the way 'unsafe-inline' does, but it keeps inline style attributes in play instead of removing them, and attacker-controlled CSS can be abused to exfiltrate data or to restyle the page for phishing and clickjacking. Prefer external stylesheets, or nonces and hashes on <style> elements, and drop the keyword.

Vulnerabilities

CSP: script-src unsafe-hashes

CSP is a security mechanism that helps mitigate various types of attacks by defining which resources the browser is allowed to load. The 'CSP: script-src unsafe-hashes' issue arises when the script-src directive includes 'unsafe-hashes', which allows inline event-handler attributes such as onclick, and javascript: URLs, whose content matches one of the listed hashes. This keeps a class of inline script alive that a strict policy would block entirely: the same hash is valid on any element, and every handler that has to stay hashed is one more piece of inline code the policy must trust. Move handlers into external scripts registered with addEventListener and remove the keyword.

Vulnerabilities

CSP: style-src unsafe-inline

CSP is a security mechanism that helps mitigate cross-site scripting (XSS) attacks by specifying the allowed sources for each type of content. The 'CSP: style-src unsafe-inline' issue indicates that your application's policy allows arbitrary inline styles, both <style> elements and style attributes. An attacker who can inject markup can then inject CSS, which can be used to exfiltrate form data, restyle the page for phishing or clickjacking, or hide security warnings. Note that browsers ignore 'unsafe-inline' once a nonce or hash is also present in the same directive, so adding a nonce without removing the keyword changes what the policy actually allows.

Vulnerabilities
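The findings above are all properties of a single policy string, so one checker can cover them. The script below is an added example, not the scanner behind these reviews: it parses a serialized policy the way browsers do (directives separated by ';', tokens by whitespace, names case-insensitive), then flags non-ASCII characters, unknown directives, directives that are not honoured in a <meta> policy, 'unsafe-eval', 'unsafe-hashes', and 'unsafe-inline' (skipped when a nonce or hash is present, since browsers ignore the keyword in that case). The function names, the findings format and both sample policies are constructed for illustration; the directive names and the meta-ignored set come from the CSP specification.

```python
"""Lint a Content-Security-Policy value for the weaknesses catalogued above.

Added example, not the site's scanner. Function names, findings format and
the sample policies are constructed for illustration.
"""
import re

KNOWN_DIRECTIVES = {
    "default-src", "script-src", "script-src-elem", "script-src-attr",
    "style-src", "style-src-elem", "style-src-attr", "img-src", "font-src",
    "connect-src", "media-src", "object-src", "frame-src", "child-src",
    "worker-src", "manifest-src", "base-uri", "form-action", "frame-ancestors",
    "sandbox", "report-uri", "report-to", "upgrade-insecure-requests",
    "require-trusted-types-for", "trusted-types",
}
# Directives a browser ignores when the policy arrives in a <meta> tag.
META_IGNORED = {"frame-ancestors", "report-uri", "sandbox"}
# default-src is the fallback for both script and style, so it is checked too.
SCRIPT_DIRECTIVES = {"script-src", "script-src-elem", "script-src-attr", "default-src"}
STYLE_DIRECTIVES = {"style-src", "style-src-elem", "style-src-attr", "default-src"}
NONCE_OR_HASH = re.compile(r"^'(nonce-|sha(256|384|512)-)")


def parse_csp(policy):
    """Split a serialized policy into {directive-name: [source-expressions]}.

    Directives are ';'-separated, tokens are whitespace-separated and names
    are case-insensitive. A repeated directive is kept once, as browsers do.
    """
    directives = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if not tokens:
            continue
        directives.setdefault(tokens[0].lower(), tokens[1:])
    return directives


def lint_csp(policy, via_meta=False):
    """Return a sorted list of 'directive: issue' strings for one policy."""
    findings = []
    if not policy.isascii():
        findings.append("policy: malformed (non-ASCII characters)")
    for name, values in parse_csp(policy).items():
        lowered = [v.lower() for v in values]
        if name not in KNOWN_DIRECTIVES:
            findings.append(f"{name}: unknown directive (ignored by browsers)")
            continue
        if via_meta and name in META_IGNORED:
            findings.append(f"{name}: not honoured in a <meta> policy")
        if name in SCRIPT_DIRECTIVES and "'unsafe-eval'" in lowered:
            findings.append(f"{name}: 'unsafe-eval' permits eval()/new Function() on strings")
        if name in SCRIPT_DIRECTIVES | STYLE_DIRECTIVES:
            if "'unsafe-hashes'" in lowered:
                findings.append(f"{name}: 'unsafe-hashes' permits hash-matched inline handlers/style attributes")
            # Browsers ignore 'unsafe-inline' once a nonce or hash is listed,
            # so only report it when it is actually in effect.
            has_nonce_or_hash = any(NONCE_OR_HASH.match(v) for v in lowered)
            if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
                findings.append(f"{name}: 'unsafe-inline' permits arbitrary inline code")
    return sorted(findings)


# Constructed sample: a meta-delivered policy with every weakness listed above.
# The last directive uses a Cyrillic letter in place of the Latin 'c' in
# "img-src", which is both non-ASCII and an unknown directive.
WEAK_META_POLICY = (
    "default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-hashes'; "
    "style-src 'self' 'unsafe-inline'; frame-ancestors 'none'; img-sr\u0441 *"
)
# Constructed sample: the corrected policy, nonces instead of inline keywords.
HARDENED_POLICY = (
    "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; "
    "style-src 'self' 'nonce-r4nd0m'; object-src 'none'; base-uri 'none'"
)

if __name__ == "__main__":
    for label, policy, meta in (("weak", WEAK_META_POLICY, True),
                                ("hardened", HARDENED_POLICY, False)):
        print(f"== {label} ==")
        for finding in lint_csp(policy, via_meta=meta) or ["no findings"]:
            print("  ", finding)
```

Run it against a real header with `lint_csp(response.headers["Content-Security-Policy"])`, or with `via_meta=True` for a policy scraped from a <meta> tag; the hardened sample produces no findings, and the nonce check shows why a policy like `script-src 'nonce-abc' 'unsafe-inline'` is not reported for 'unsafe-inline'.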