Using Subresource Integrity to Secure your Web Applications

October 17, 2018 | Filed Under: How To, Security

Even if you’ve hardened your system with Privileged Account Management policies, Intrusion Detection Systems and regular audits, it’s crucial to ensure that all external code running on your platform is secure. Both Ticketmaster and British Airways made the same, easily avoidable mistake of loading untrusted third-party JavaScript into their pages, allowing attackers to read the content of their payment forms and skim sensitive information such as credit card data, names and birthdays.

This could have been prevented by the use of Subresource Integrity. At its simplest, Subresource Integrity (SRI) lets you associate a cryptographically secure hash with the script or stylesheet you wish to load: if the file is compromised, its hash will no longer match the one you declared and the browser will not execute it. You can enforce the use of SRI across your site with Content-Security-Policy headers and mandate it for both JavaScript and CSS stylesheet resources.

The Mozilla Developer Network provides the following documentation on configuring SRI for your website:
