[Owasp-leaders] 3rd Party JavaScript Management Cheatsheet

Rogan Dawes rogan at dawes.za.net
Fri Apr 15 09:41:13 UTC 2016


My google-fu is weak today, but I'm pretty sure I recall reading about a
mechanism to provide a checksum of an included resource in the including
page, such that the browser will reject any content that does not match the
checksum. That seems like a valuable addition to this cheat sheet, to me.


On Fri, Apr 15, 2016 at 10:02 AM Kim Carter <kim.carter at owasp.org> wrote:

> Excellent! Doesn't seem to be anything there though...
>
> Kim Carter
>
> OWASP New Zealand Chapter Leader (Christchurch)
>
> Author of *Holistic Info-Sec for Web Developers*
> <https://leanpub.com/b/holisticinfosecforwebdevelopers>
>
> c: +64 274 622 607
>
> On 15/04/16 09:10, Taras wrote:
>
> Hi!
>
> It's a very interesting topic and good cheatsheet! My suggestions are:
> 1. Add some code examples
> 2. Add some diagrams to illustrate Server Direct flow
> 3. What about using SRI (https://www.w3.org/TR/SRI/)? Can we use it
> here?
> 4. What about using iframe from different domain (e.g. static data
> host) as "jail" for such 3rd party code? We can make communication
> between the host and this iframe with postMessage
>
>
> On Mon, 11/04/2016 at 16:41 -1000, Jim Manico wrote:
>
> Hello folks,
>
> Jim Weiler from the OWASP Boston chapter just released a cheatsheet
> on 3rd party JavaScript management. I think this is a solid and very
> interesting piece of work. It addresses a security concern which many
> website operators face.
>
> Take a look, your feedback is - as always - appreciated.
> https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet
>
> Aloha,
> Jim Manico
>
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>
>