Battling Magecart: The Risks of Third-Party Scripts - Kevin Gennuso BSides Columbus Ohio 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Battling Magecart: The Risks of Third-Party Scripts
Kevin Gennuso
BSides Columbus Ohio 2019

Magecart came to light in 2018, when various groups of attackers siphoned credit card data from thousands of e-commerce implementations across the globe. This talk will focus on how and where these attacks occur as well as the various defensive strategies that can be used to prevent them. The discussion will be relatively high-level, but there will be a dash of JavaScript and a detailed technical breakdown of Content Security Policy (CSP) and Subresource Integrity (SRI), both of which are critical for defense.

Kevin is the Senior InfoSec Architect at DICK'S Sporting Goods. A recent Columbus transplant, he has spent his 20+ years in information security attacking and defending companies in the Pittsburgh area. Proud owner of a DOJ-issued Terrible Towel, he is passionate about sharing knowledge and the incredible spirit of our community.


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast