SRI
It’s all about the data
Data protection, controls and compliance don’t have to be an onerous obligation. With the right approach, you can turn it into a key differentiator for your business, says Tala’s Director of Product ...
What’s in Your Website? Lurking Risk from Third-party Resources
Address Risk from Third-party Resources with Subresource Integrity (SRI) In most real-life web apps there’s a need to include third-party resources. Whether it is for advertisements, A/B testing, analytics or other purposes, ...
When the CDN Goes Bananas
Slides on Subresource Integrity from the SecTalks Sydney meetup The post When the CDN Goes Bananas appeared first on Rainbow and Unicorn ...
Upcoming Features of Subresource Integrity 2.x
As a response to the growing number breaches involving CDNs, the first release of the Subresource Integrity (SRI) was published hastily in late 2015. The W3C WebAppSec Working Group decided to leave ...
sritest.io February Update
Semi-regular updates on the improvements, bugfixes and other changes to the Subresource Integrity scanner at sritest.io The post sritest.io February Update appeared first on Rainbow and Unicorn ...
Compromising US Banks with Third-party Code
Online banking services of major banks in the US can potentially be compromised through third-party services. Banks are including JavaScript code from external sources controlled by someone else. This practice opens up ...
Scanning Websites for SRI Hash Usage with sritest.io
Third-party hosted website assets, such as JavaScript libraries, are vulnerable to tampering. However, a new technique named Subresource Integrity (SRI) is here to protect these external assets. One problem is the slow ...