[Owasp-leaders] 3rd Party JavaScript Management Cheatsheet

Achim achim at owasp.org
Sat May 28 20:25:44 UTC 2016


On 27.05.2016 09:00, The Black Labrador wrote:
> Agreed on the 2nd point, but on the 1st one, if your hosting environment is compromised then the attacker would change both the checksum and the URL that the code comes from, no?

What is difference for the 3rd party source vs. your own source if your host is compromised?
Nothing, game over (as Jim said).

I'd say this is not a valid scenario here.

Ciao
Achim


More information about the OWASP-Leaders mailing list