
How to Secure Your Digital Storefront for the Biggest Cyber Monday Ever

As originally published in Retail & Hospitality ISAC

Online shopping has set records in 2020 as the ongoing pandemic has rapidly accelerated growth and adoption of eCommerce. This will make the coming holiday season not only the busiest but also the riskiest ever. That’s because a larger percentage of total annual sales than ever before is likely to depend on your web and mobile applications. Your APIs for pricing and inventory will likely receive more requests than you have ever seen. With this much at stake, implementing rock-solid security is paramount. Here are five suggestions on how to prevent bad actors from grinching your holiday shopping revenues.

Update your WAF with the latest policies

Your Web Application Firewall (WAF) is table stakes for effective security. It blocks inbound requests from known bad hosts and IP subnets. WAFs are your first line of defense against attacks catalogued by OWASP, like cross-site scripting and SQL injection. Your WAF is also only as secure as its policies. Hackers know this and often introduce new IPs and other obfuscation tactics in the run-up to the holiday season. This is why it’s imperative to frequently update WAF policies across your entire public-facing attack surface, including your origin servers and CDN.

Implement a strong Content Security Policy

Content Security Policy (CSP) is a way to limit what JavaScript code can do on a web application or mobile application using browser components. This is a useful defense against unauthorized content and code injections on the client side. Because CSP defines an allow list for the web page, it can ensure that code, images, and iframes can only be fetched from specified domains, or that form actions are restricted to certain parameters, to name two capabilities. CSP is widely supported by all major browsers, is difficult to evade, and (Read more...)
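The allow-list idea above, as an added example that is not part of the original post: a JavaScript helper that builds a CSP header covering scripts, images, iframes and form actions, and audits a policy for settings that defeat the allow list. The `shop.example` hostnames, the two sample policies and the function names are constructed for illustration.

```javascript
// Parse a Content-Security-Policy header value into { directive: [sources] }.
function parseCsp(header) {
  const policy = {};
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = (name || '').toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// Serialize an allow list ({ directive: [sources] }) into a header value.
function buildCsp(allowList) {
  return Object.entries(allowList)
    .map(([name, sources]) => [name, ...sources].join(' '))
    .join('; ');
}

// Return findings for settings that leave the allow list open.
function auditCsp(header) {
  const policy = parseCsp(header);
  const findings = [];
  for (const dir of ['script-src', 'img-src', 'frame-src']) {
    // Fetch directives fall back to default-src (frame-src tries child-src first).
    const sources = policy[dir] ||
      (dir === 'frame-src' && policy['child-src']) || policy['default-src'];
    if (!sources) { findings.push(`${dir}: unrestricted, no default-src fallback`); continue; }
    if (sources.includes('*')) findings.push(`${dir}: wildcard allows any origin`);
    // 'unsafe-inline' is ignored by browsers only when a nonce or hash is present.
    const hasNonceOrHash = sources.some(s => /^'(nonce|sha(256|384|512))-/.test(s));
    if (dir === 'script-src' && sources.includes("'unsafe-inline'") && !hasNonceOrHash)
      findings.push("script-src: 'unsafe-inline' permits injected inline script");
  }
  // form-action does NOT fall back to default-src; it must be set explicitly.
  if (!policy['form-action']) findings.push('form-action: missing, forms may post anywhere');
  return findings;
}

// Constructed sample policies: a weak one and a corrected allow list.
const WEAK = "default-src *; script-src 'self' 'unsafe-inline' https://cdn.shop.example";
const STRONG = buildCsp({
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://cdn.shop.example'],
  'img-src': ["'self'", 'https://images.shop.example'],
  'frame-src': ['https://pay.shop.example'],
  'form-action': ["'self'", 'https://pay.shop.example'],
});
console.log(auditCsp(WEAK));
console.log(STRONG, auditCsp(STRONG));
```

Sending the candidate policy as `Content-Security-Policy-Report-Only` first lets you collect violation reports from real traffic before enforcing it during peak season.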

*** This is a Security Bloggers Network syndicated blog from PerimeterX Blog authored by PerimeterX Blog. Read the original post at: https://www.perimeterx.com/resources/blog/2020/how-to-secure-your-digital-storefront-for-the-biggest-cyber-monday-ever/