We've seen a few notable news events this year along the same lines. Major websites have suffered serious breaches not because they were hacked, but because of a compromise in a 3rd party dependency. Two of the biggest stories involved targetted attacks on payment data, they were skimming credit card…
Tag: SRI
Total 4 Posts
We saw a pretty big event take place over the weekend where a 3rd party provider was compromised and their JS library was altered. The alteration introduced a crypto mining script that was then subsequently included on over 4,000 websites that I know of, many of which were Government…
Subresource Integrity is an awesome security feature that allows us to ensure that assets served by a CDN haven't been tampered with. Now, thanks to a new directive in CSP, we can ensure that SRI is used across our site. SRI In short, SRI allows us to embed the hash…
Most sites on the Internet these days load some kind of content from a CDN, usually JS and CSS. Whilst this comes with great performance boosts and savings on bandwidth, we're trusting that CDN to load content into our pages, content that could possibly be harmful. Until now, we had…
