Content Security Policy (CSP) is like a bouncer in a club. It checks every resource and lets in only the ones that have a valid ticket or meet the requirements to enter — trusted and without any malicious intentions. Officially, CSP is a security standard that helps to detect and mitigate certain types of attacks, including Cross-Site Scripting (XSS).

However, that’s where the easy part ends and the questions begin. CSP is a complex topic and there are many misconceptions about what it should look like. Should it just be a whitelist of allowed domains? What is going on…


Background

In the COVID era, everyone speaks about remote work security. People wonder which VPN is the most secure and how serious the security issues are in web conference platforms such as Zoom. However, webinar software platforms have also grown in popularity, and it seems like nobody talks about their security.

While looking for a platform that would suit us, we tested the security of 14 of them. It turned out that half of them contain high or critical risk vulnerabilities related to access control.

For two of the tested platforms, an attacker could easily become a host and for three others…

Michał Stanisław Ogorzałek
