A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Battling Magecart: The Risks of Third-Party Scripts - Kevin Gennuso BSides Columbus Ohio 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Battling Magecart: The Risks of Third-Party Scripts
Kevin Gennuso
BSides Columbus Ohio 2019

Magecart came to light in 2018, where various groups of attackers siphoned credit card data from thousands of e-commerce implementations across the globe. This talk will focus on how and where these attacks occur as well as the various defensive strategies that can be used to prevent them. The discussion will be relatively high-level, but there will be a dash of JavaScript and a detailed technical breakdown of Content Security Policy (CSP) and Subresource Integrity (SRI), both of which are critical for defense.

Kevin is the Senior InfoSec Architect at DICK'S Sporting Goods. A recent Columbus transplant, he has spent his 20+ years in information security attacking and defending companies in the Pittsburgh area. Proud owner of a DOJ-issued Terrible Towel, he is passionate about sharing knowledge and the incredible spirit of our community.

Back to BSides Columbus Ohio 2019 video list

15 most recent posts on Irongeek.com:


    If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

    Copyright 2019, IronGeek
    Louisville / Kentuckiana Information Security Enthusiast