One Article Review

Home - The article:
Source: AlienVault Blog
Identifier 3027252
Publication date 2021-07-06 10:00:00 (seen: 2021-07-06 11:05:39)
Title How to protect your site against lethal unauthorized code injections
Text This blog was written by an independent guest blogger.

Lethal unauthorized code injections like XSS (cross-site scripting) attacks are some of the most dynamic cyber-attacks. They are often very difficult to detect and can result in credit card theft, fraud, and endpoint data breaches, having a huge impact on small to medium sized businesses.

In a recent AT&T cybersecurity survey, 88% of respondents reported that they had experienced at least one security incident within the past year. A CSP (content security policy) can be a great solution for defending sites from lethal code injections, especially when used in conjunction with additional layers of security to protect users' most sensitive data.

The standardized set of directives that can be enforced by a CSP tells the browser which sources are trustworthy and which ones to block. This technique can eliminate many common injection vectors and can significantly reduce XSS attacks. While CSPs are powerful against XSS and other client-side attacks, website admins should continue to follow security best practices and use tools that help to minimize JavaScript vulnerabilities.

How CSPs help prevent malicious attacks

When implemented as a part of your website standards, a CSP (or ISP - Information Security Policy - as it is sometimes called) tells the browser to enforce policies that restrict which scripts can be loaded on any given website. You can specify which domains are allowed to run scripts, which are blocked, and which ones get reported but can still be viewed. This not only helps you to narrow your vulnerability, but can also help you discover where malicious attacks are likely to come from in the future. When multiple CSPs are specified, the browser will default to using the most restrictive directive in order to thwart a malicious attack. For example, to prevent cybercriminals from injecting embedded images with malicious code, an e-commerce site admin might want to limit the domains from which images are allowed to load.

A content security policy should be a mainstay of any web admin and IT team security protocol. Any other cyber protection that you use will be stabilized by the CSP and create a fortress to protect your website data.

Layers of security

Organizations both large and small should be concerned about hackers and data breaches, although the spotlight has been focused on advances in technology, giving a false sense of security. Instances of cybercrime were up again by 37% last year, costing businesses nearly $4.5 million. Cybersecurity strategies that can adapt to the changing techniques that cybercriminals employ to exploit businesses and their customers are more important than ever before as we continue to expand the internet of things and our connectivity capabilities.

While a CSP provides a thick layer of protection, hackers only have to target a single allowed domain that you are not protected against in order to execute an attack that could possibly result in catastrophic data loss, loss of trust from your customers, and loss of revenue. In order to add another layer of security, website admins need an additional layer of JavaScript-based monitoring that is able to analyze script behavior at the granular level.

Sensors that are created for JavaScript have the ability to collect all kinds of behavior signals from scripts that are running on the page while flagging anomalies that have the potential to be malicious code injection
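
The image-domain restriction and the multiple-policy behaviour described in the article text above can be modelled as follows. This is an added example, not code from the original article; the origin `shop.example`, the CDN `cdn.example`, the two policy strings and all function names are hypothetical, and only enforced (not report-only) policies are modelled.

```javascript
// Added example. Simplified source matching: 'none', 'self', *, scheme sources
// and host sources with "*." wildcard; no ports, paths, nonces or hashes.
function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, url, pageOrigin) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (s === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return url.protocol === s;
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/);
  if (!m) return false; // unsupported expression: treat as no match
  const [, scheme, wildcard, host] = m;
  // No explicit scheme: require the page's scheme. http also matches https.
  const need = scheme ? scheme + ':' : new URL(pageOrigin).protocol;
  if (url.protocol !== need && !(need === 'http:' && url.protocol === 'https:')) return false;
  return wildcard ? url.hostname.endsWith('.' + host) : url.hostname === host;
}

// img-src governs images, falling back to default-src; neither means no limit.
function policyAllowsImage(policy, imageUrl, pageOrigin) {
  const d = parsePolicy(policy);
  const sources = d.get('img-src') ?? d.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(imageUrl);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Every enforced policy must allow the load, so the most restrictive decides.
function imageAllowed(policies, imageUrl, pageOrigin) {
  return policies.every((p) => policyAllowsImage(p, imageUrl, pageOrigin));
}

// Constructed sample: hypothetical shop origin, CDN and two policy headers.
const PAGE = 'https://shop.example';
const POLICIES = [
  "default-src 'self'; img-src 'self' https://*.cdn.example",
  "img-src 'self'",
];
```

With only the first policy, a CDN image loads; once the second header is also delivered, the same image is blocked because both policies must permit it.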
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.