Five Client-Side Web App Risks Banking & Investment Should Know
Can you name the top cybersecurity risks for banking and investment? Most would probably list cyber attacks like phishing, credential theft, DDoS, and maybe ransomware. But would it surprise you to learn that there is something on the list that many in the banking and investment industry forget–and that’s client-side ... Read More
Web Tracker Security: Lawsuit Filed Against Hospitals for Data Privacy Violations
A few weeks ago we wrote about the “creepy, problematic, and potentially illegal” problems associated with web tracker security—in particular, the security risks of Facebook’s Meta Pixel, its ability to collect and use sensitive healthcare data, and the risks of hospital privacy lawsuits. It seems those creepy and illegal problems ... Read More
How to Create and Deploy a Content Security Policy
When it comes to client-side security, creating and deploying a content security policy (CSP) can serve as a solid starting point. To deploy a content security policy, you must first identify assets, including first- and third-party resources that will be loaded in the browser when a user visits your website ... Read More
Web Trackers: Your Next JavaScript Security Nightmare
A “Creepy, Problematic, and Potentially illegal” Problem. When it comes to security and healthcare, most patients expect, at the very least, doctor-patient confidentiality. If web trackers are embedded within the JavaScript on a healthcare website you expect full security. I mean, you shouldn’t have to worry about someone working at ... Read More
Dear AppSec: I Was a Credit Card Skimming Attack Victim. (And It Sucks!)
I am a credit card skimming attack victim. It happened about eight weeks ago, and to this day, we’re still dealing with the repercussions. This is a true story. (Although I did substitute a few facts to protect the innocent.) And yes, while I work for Feroot, and this is ... Read More
Hell Yeah, I Want an Automated Content Security Policy!
Generating a generic content security policy is easy. Manually managing those policies to ensure they operate effectively and provide the right level of security is an entirely different issue. For businesses willing to make the shift, an automated content security policy can significantly ease the policy management burden. There’s a ... Read More
JavaScript Web Application Security: 5 Things Developers Should Know
When client-side security breaches happen, web application developers may find themselves at the receiving end of the blame game (somewhat unfairly). The demands of an accelerated development cycle combined with pressures related to JavaScript web applications security, means developers may feel caught in the proverbial “damned if you do and ... Read More
What Does PCI DSS 4.0 Mean for Client-Side Security?
PCI DSS 4.0 couldn’t have come at a more opportune time, particularly as the global pandemic forces more individuals into online purchasing—from shopping and entertainment to healthcare and hospitality. With PCI 4.0 compliance mandated by 2025, it is critical to understand now what it will mean for client-side security, so ... Read More
Why Web Application Visibility Is Important to JavaScript Security
Web application visibility is all about the insight and control application security professionals have into the software operating on the front end or client side. Sitting down to write about why web application visibility is important to JavaScript security, I was reminded of a folk song about coding that was ... Read More
Everything You Need to Know to Prevent JavaScript Supply Chain Attacks
JavaScript supply chain attacks are a bit like rolling thunder. The boom starts in one location and then reverberates along a path, startling folks, shaking windows, and—if there is a significant enough storm to accompany the thunder—leaving varying degrees of devastation in its wake. Last week’s story on a multi-year ... Read More
