Kempy
Newcomer III

magecart mitigation

I have created an Electron app to simulate Magecart entirely client side (so not a true reflection).

It's at https://github.com/kempy007/magecart-shim

Does anyone know of any techniques that could mitigate this risk?

OWASP has a good article here https://www.owasp.org/index.php/3rd_Party_Javascript_Management_Cheat_Sheet

However, I don't feel it would be possible to prevent a script coming from the client side from scraping the data; what the OWASP article mentions would all be server-side controls.

1 Reply
Kempy
Newcomer III

The best answer to mitigate this threat is to implement Content Security Policy headers.

https://www.pluralsight.com/courses/defending-javascript-keylogger-attacks-pci
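The reply above recommends Content Security Policy headers. The following is an added example, not code from the thread or from the magecart-shim project: it builds a hardened checkout-page CSP next to a permissive one, and includes a small checker that evaluates whether a script or request URL is permitted by a directive, so you can see which loads a browser would block. All hostnames, the page origin and the `/csp-report` path are placeholders.

```javascript
// Added example (not from the original thread). Demonstrates the CSP header the reply
// recommends: a permissive policy beside a hardened one, plus a checker that applies
// the directive matching rules to a URL. Hostnames and paths are constructed placeholders.

// Permissive policy: any host may supply scripts and inline script is allowed, so an
// injected skimmer script and its exfiltration requests are not restricted at all.
const WEAK_CSP = "default-src *; script-src * 'unsafe-inline'";

// Build a hardened checkout-page policy: scripts only from our own origin and explicitly
// listed hosts; XHR/fetch only to listed hosts; form posts only to our origin; violations
// reported to a collection endpoint so an unexpected script source shows up in logs.
function buildCheckoutCsp({ scriptHosts = [], connectHosts = [], reportPath = '/csp-report' }) {
  return [
    "default-src 'self'",
    `script-src 'self' ${scriptHosts.join(' ')}`.trim(),
    `connect-src 'self' ${connectHosts.join(' ')}`.trim(),
    "form-action 'self'",
    "object-src 'none'",
    "base-uri 'self'",
    `report-uri ${reportPath}`,
  ].join('; ');
}

// Parse a CSP header value into a Map of directive name -> array of source expressions.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    policy.set(name.toLowerCase(), sources);
  }
  return policy;
}

// Match one host-source expression (e.g. https://cdn.example, *.example.com, cdn.example:8443)
// against a parsed target URL. Scheme and port are only compared when the source states them.
function matchHostSource(src, target) {
  let scheme = null;
  let hostPort = src;
  const i = src.indexOf('://');
  if (i !== -1) {
    scheme = src.slice(0, i + 1);   // "https:"
    hostPort = src.slice(i + 3);
  }
  hostPort = hostPort.split('/')[0];  // drop any path component
  const [host, port = ''] = hostPort.toLowerCase().split(':');
  if (scheme && scheme !== target.protocol) return false;
  if (port && port !== '*' && port !== target.port) return false;
  if (host.startsWith('*.')) return target.hostname.endsWith(host.slice(1));
  return host === target.hostname;
}

// Decide whether `url` is allowed for `directive` on a page served from `pageOrigin`.
// Handles 'self', 'none', '*', scheme sources and host sources; fetch directives that are
// not set fall back to default-src, as browsers do. A missing policy restricts nothing.
const FALLS_BACK_TO_DEFAULT = new Set([
  'script-src', 'connect-src', 'img-src', 'style-src', 'font-src', 'frame-src', 'media-src',
]);

function isAllowed(policy, directive, url, pageOrigin) {
  let sources = policy.get(directive);
  if (sources === undefined && FALLS_BACK_TO_DEFAULT.has(directive)) {
    sources = policy.get('default-src');
  }
  if (sources === undefined) return true;
  const target = new URL(url);
  const self = new URL(pageOrigin);
  for (const src of sources) {
    if (src === "'none'") return false;
    if (src === '*') return true;
    if (src === "'self'") {
      if (target.origin === self.origin) return true;
      continue;
    }
    if (src.startsWith("'")) continue;            // 'unsafe-inline', nonces, hashes: not URL matches
    if (src.endsWith(':')) {                      // scheme source such as https:
      if (target.protocol === src) return true;
      continue;
    }
    if (matchHostSource(src, target)) return true;
  }
  return false;
}

// Usage: the header value is sent as the Content-Security-Policy response header,
// e.g. res.setHeader('Content-Security-Policy', hardened) in Node's http module.
const PAGE = 'https://shop.example';
const hardened = buildCheckoutCsp({
  scriptHosts: ['https://pay.provider.example'],
  connectHosts: ['https://pay.provider.example'],
});
```

Checking a few URLs against `parseCsp(hardened)` shows the effect: the page's own bundle and the listed payment provider's script are allowed, a script or fetch to an unlisted host is blocked, and an image request to an unlisted host is also blocked because `img-src` falls back to `default-src 'self'`. The same URLs pass under `WEAK_CSP`. One caveat a practitioner should keep in mind: the policy only restricts where scripts load from and where data may be sent, so a listed provider whose script is itself compromised is still allowed through.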