Using Subresource Integrity to Secure your Web Applications

Even if you’ve hardened your system with Privileged Account Management policies, Intrusion Detection Systems and regular audits, it’s crucial to ensure that all external code running on your platform is secure. Both TicketMaster and British Airways made the same, easily avoidable mistake of loading untrusted third-party JavaScript into their pages, allowing attackers to read the content of their payment forms and skim sensitive information such as credit card data, names and birthdays.

This could have been prevented by the use of Subresource Integrity. At its simplest, Subresource Integrity (SRI) allows you to associate a cryptographically secure hash with the script or stylesheet you wish to load: if the resource is compromised, its content will no longer match the hash you declared and the browser will not execute it. You can enforce the use of SRI across your site with Content-Security-Policy headers and mandate it for both JavaScript and CSS stylesheet resources.
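The check described above, as an added example that is not code from the original article: a Node.js script that generates an `integrity` value and then applies the same pass/fail decision a browser makes on the fetched bytes. The function names, the `cdn.example.com` URL and the sample script bodies are constructed for illustration.

```javascript
// Added example: SRI value generation and browser-style verification (Node.js).
const { createHash } = require('node:crypto');

// Hash functions SRI recognises, weakest to strongest.
const ALGOS = ['sha256', 'sha384', 'sha512'];
// One integrity token: "<algo>-<base64 digest>" with optional "?options".
const TOKEN = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(?:\?.*)?$/i;

// Build the value for the integrity attribute.
function sriHash(body, algo = 'sha384') {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// Parse an integrity attribute; malformed or unknown tokens are dropped.
function parseIntegrity(attr) {
  return attr.split(/\s+/)
    .map((token) => TOKEN.exec(token))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo: algo.toLowerCase(), digest }));
}

// Mirror the browser's decision: only the strongest algorithm listed is
// checked, and any matching digest for that algorithm lets the resource run.
function passesIntegrity(body, attr) {
  const metadata = parseIntegrity(attr);
  if (metadata.length === 0) return true; // no usable metadata: nothing is enforced
  const strongest = metadata.reduce(
    (best, m) => (ALGOS.indexOf(m.algo) > ALGOS.indexOf(best) ? m.algo : best), 'sha256');
  const actual = createHash(strongest).update(body).digest('base64');
  return metadata.some((m) => m.algo === strongest && m.digest === actual);
}

// Emit the tag for a page. crossorigin is needed for cross-origin resources,
// otherwise the browser is not allowed to read the body in order to hash it.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: a vendor script as reviewed, then modified after pinning.
const original = Buffer.from('window.vendorWidget = () => "ok";\n');
const tampered = Buffer.concat([original, Buffer.from('/* injected */\n')]);
const pinned = sriHash(original);

console.log(scriptTag('https://cdn.example.com/widget.js', original));
console.log('original passes:', passesIntegrity(original, pinned));
console.log('tampered passes:', passesIntegrity(tampered, pinned));
console.log('malformed attribute passes:', passesIntegrity(tampered, 'sha-384-abc'));
```

The last line shows the failure mode worth testing for in a build pipeline: an `integrity` attribute that does not parse enforces nothing, so a typo in the attribute silently removes the protection.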

The Mozilla Developer Network provides the following documentation on configuring SRI for your website:

Want to know how CyberSana’s platform can help you manage high-level security? Contact us for a demo today!
