taras.ivaschenko at owasp.org
Thu Apr 14 21:10:39 UTC 2016
It's a very interesting topic and a good cheatsheet! My suggestions are:
1. Add some code examples
2. Add some diagrams to illustrate Server Direct flow
3. What about using SRI (https://www.w3.org/TR/SRI/)? Can we use it
4. What about using iframe from different domain (e.g. static data
host) as "jail" for such 3rd party code? We can make communication
between the host and this iframe with postMessage
On Mon, 11/04/2016 at 16:41 -1000, Jim Manico wrote:
> Hello folks,
> Jim Weiler from the OWASP Boston chapter just released a cheatsheet
> interesting piece of work. It addresses a security concern which many
> website operators face.
> Take a look, your feedback is - as always - appreciated.
> Jim Manico
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org