During a web application assessment, a security consultant observes that even though the application has a CSP header, it uses the unsafe-inline directive for scripts. What potential risk does this pose?
- It allows any script to run on the page
- It disallows all inline scripts
- It only allows scripts from external sources
- It restricts all scripting entirely
Using the unsafe-inline directive for scripts in a CSP is risky because it allows any inline script on the page to execute, including inline scripts that an attacker manages to inject. This largely undermines the protection CSP is meant to provide against cross-site scripting, since the policy no longer distinguishes legitimate inline scripts from injected ones.