Content Security Policy
The End of CoinHive and the Rise of Cryptojacking
CoinHive is a service that was created in September 2017. It allows users to mine Monero cryptocurrency using JavaScript. CoinHive has remarkably changed the income models of content developers over the course ...
Negative Impact of Incorrect CSP Implementations
Content Security Policy (CSP) is an effective client-side security measure that is designed to prevent vulnerabilities such as Cross-Site Scripting (XSS) and Clickjacking. Following the regular discovery of bypass techniques, a group ...
What’s in Your Website? Lurking Risk from Third-party Resources
Address Risk from Third-party Resources with Subresource Integrity (SRI). In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, ...
How Private Data Can Be Stolen with a CSS Injection
Modern browsers do an excellent job defending web applications against reflected Cross-site Scripting (XSS). They do so by using XSS filters that allow them to reliably block such attacks in the majority ...
