[Owasp-leaders] 3rd Party JavaScript Management Cheatsheet

Taras taras.ivaschenko at owasp.org
Thu Apr 14 21:10:39 UTC 2016


It's a very interesting topic and good cheatsheet! My suggestions are:
1. Add some code examples
2. Add some diagrams to illustrate Server Direct flow
3. What about using SRI (https://www.w3.org/TR/SRI/)? Can we use it
4. What about using iframe from different domain (e.g. static data
host) as "jail" for such 3rd party code? We can make communication
between the host and this iframe with postMessage

On Mon, 11/04/2016 at 16:41 -1000, Jim Manico wrote:
> Hello folks,
> Jim Weiler from the OWASP Boston chapter just released a cheatsheet
> on 3rd party JavaScript management. I think this is a solid and very
> interesting piece of work. It addresses a security concern which many
> website operators face.
> Take a look, your feedback is - as always - appreciated.
> https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet
> Aloha,
> Jim Manico
>  _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
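
An added example for suggestion 4 above (not part of the original message or of the cheatsheet): the host-page side of an iframe "jail" that only acts on postMessage traffic from the expected frame. The origin https://static.example.net, the page /jail.html and the message types are assumptions made up for illustration.

```javascript
// Host-page side of the iframe "jail". All names and origins are assumed.
const JAIL_ORIGIN = 'https://static.example.net';   // assumed static-data host
const ALLOWED_TYPES = new Set(['resize', 'track']); // assumed message vocabulary

// Decide whether a MessageEvent-like object may be acted on by the host page.
// Returns a freshly built, validated message, or null when it must be dropped.
function acceptJailMessage(event, jailWindow) {
  // 1. Exact origin comparison; substring or prefix checks can be bypassed.
  if (event.origin !== JAIL_ORIGIN) return null;
  // 2. The sender must be the jail iframe itself, not another window on that origin.
  if (event.source !== jailWindow) return null;
  // 3. The payload is untrusted data: plain object, known type, bounded fields.
  const msg = event.data;
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return null;
  if (typeof msg.type !== 'string' || !ALLOWED_TYPES.has(msg.type)) return null;
  if (msg.type === 'resize') {
    const h = msg.height;
    if (!Number.isInteger(h) || h < 0 || h > 2000) return null;
    return { type: 'resize', height: h };
  }
  // 'track': pass on a short text label only, never markup or code.
  if (typeof msg.label !== 'string' || msg.label.length > 64) return null;
  return { type: 'track', label: msg.label };
}

// Browser wiring; skipped when the file is run outside a browser (e.g. Node).
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const frame = document.createElement('iframe');
  frame.src = JAIL_ORIGIN + '/jail.html'; // assumed page that loads the 3rd-party script
  // The frame is cross-origin, so allow-same-origin only lets it keep its own
  // origin (without it event.origin would be the string "null"); top-level
  // navigation, popups and form submission stay blocked.
  frame.setAttribute('sandbox', 'allow-scripts allow-same-origin');
  document.body.appendChild(frame);
  window.addEventListener('message', (event) => {
    const msg = acceptJailMessage(event, frame.contentWindow);
    if (msg && msg.type === 'resize') frame.style.height = msg.height + 'px';
    // 'track' messages would be forwarded to the site's own logging here.
  });
}
```

The host never evaluates or inserts anything it receives as HTML; it rebuilds each accepted message from validated fields, so extra properties sent by the framed code are discarded.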